CVE-2008-1617

EUVD-2008-1618
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
interwovenworksite_web
𝑥
≤ 8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29733
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
http://www.securityfocus.com/bid/28628
http://www.vupen.com/english/advisories/2008/1134/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41699
http://secunia.com/advisories/29733
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
http://www.securityfocus.com/bid/28628
http://www.vupen.com/english/advisories/2008/1134/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41699