CVE-2010-0189

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
nos_microsystemsgetplus_download_manager
1.5.2.35
adobedownload_manager
𝑥
≤ 1.6.2.60
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
http://blogs.zdnet.com/security/?p=5505
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
http://secunia.com/advisories/38729
http://securitytracker.com/id?1023651
http://www.adobe.com/support/security/bulletins/apsb10-08.html
http://www.akitasecurity.nl/advisory.php?id=AK20090401
http://www.osvdb.org/62547
http://www.securityfocus.com/bid/38313
http://www.vupen.com/english/advisories/2010/0459
https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
http://blogs.zdnet.com/security/?p=5505
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
http://secunia.com/advisories/38729
http://securitytracker.com/id?1023651
http://www.adobe.com/support/security/bulletins/apsb10-08.html
http://www.akitasecurity.nl/advisory.php?id=AK20090401
http://www.osvdb.org/62547
http://www.securityfocus.com/bid/38313
http://www.vupen.com/english/advisories/2010/0459
https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182