Interwoven WorkSite Web 'iManFile.cab' TransferCtrl Class ActiveX Control Double Free Vulnerability

Interwoven WorkSite Web 'iManFile.cab' TransferCtrl Class ActiveX Control Double Free Vulnerability

Interwoven WorkSite Web TransferCtrl Class ActiveX control is prone a double-free vulnerability because of a flaw in the way that it uses a certain JavaScript variable.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to WorkSite Web 8.2 SP1 P2 are vulnerable.