Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2551

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2551
Last Modified 07 Mar 2011 10:09:21
Published 04 Jun 2008 07:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2551

Summary

The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."

Vulnerable Systems

Application

  • Icona Instant Messenger 1.0.0.1


References

XF - iconaspa-downloaderactivex-code-execution(42825)

VUPEN - ADV-2008-1733

BID - 29519

BUGTRAQ - 20080603 [NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit

MILW0RM - 5732

SREASON - 3926

SECUNIA - 30512


Last Updated: 27 May 2016 10:47:54