Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability

Bugtraq ID: 34200
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Mar 23 2009 12:00AM
Updated: Mar 23 2009 07:36PM
Credit: Janek Vind "waraxe"
Vulnerable: Orbit Downloader Orbit Downloader 2.8.7
Orbit Downloader Orbit Downloader 2.8.5
Orbit Downloader Orbit Downloader 2.8.4
Orbit Downloader Orbit Downloader 2.8.3
Orbit Downloader Orbit Downloader 2.8.2
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus