cvelistv5 - CVE-2010-0189

CVE-2010-0189 (GCVE-0-2010-0189)

Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37

Summary

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://securitytracker.com/id?1023651	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/38313	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2010/0459	vdb-entryx_refsource_VUPEN
	http://blogs.zdnet.com/security/?p=5505	x_refsource_MISC
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.akitasecurity.nl/advisory.php?id=AK20090401	x_refsource_MISC
	http://aviv.raffon.net/2010/02/18/SkeletonsInAdob…	x_refsource_MISC
	http://blogs.adobe.com/psirt/2010/02/adobe_downlo…	x_refsource_MISC
	http://secunia.com/advisories/38729	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.osvdb.org/62547	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:54.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
          },
          {
            "name": "1023651",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023651"
          },
          {
            "name": "38313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38313"
          },
          {
            "name": "ADV-2010-0459",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0459"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.zdnet.com/security/?p=5505"
          },
          {
            "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
          },
          {
            "name": "38729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38729"
          },
          {
            "name": "oval:org.mitre.oval:def:7182",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
          },
          {
            "name": "62547",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/62547"
          },
          {
            "name": "adobe-dlmanager-unspecified-file-download(56370)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
        },
        {
          "name": "1023651",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023651"
        },
        {
          "name": "38313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38313"
        },
        {
          "name": "ADV-2010-0459",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0459"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.zdnet.com/security/?p=5505"
        },
        {
          "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
        },
        {
          "name": "38729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38729"
        },
        {
          "name": "oval:org.mitre.oval:def:7182",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
        },
        {
          "name": "62547",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/62547"
        },
        {
          "name": "adobe-dlmanager-unspecified-file-download(56370)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-0189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
            },
            {
              "name": "1023651",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023651"
            },
            {
              "name": "38313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38313"
            },
            {
              "name": "ADV-2010-0459",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0459"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=5505",
              "refsource": "MISC",
              "url": "http://blogs.zdnet.com/security/?p=5505"
            },
            {
              "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
            },
            {
              "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401",
              "refsource": "MISC",
              "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
            },
            {
              "name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx",
              "refsource": "MISC",
              "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html",
              "refsource": "MISC",
              "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
            },
            {
              "name": "38729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38729"
            },
            {
              "name": "oval:org.mitre.oval:def:7182",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
            },
            {
              "name": "62547",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/62547"
            },
            {
              "name": "adobe-dlmanager-unspecified-file-download(56370)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-0189",
    "datePublished": "2010-02-23T20:00:00",
    "dateReserved": "2010-01-06T00:00:00",
    "dateUpdated": "2024-08-07T00:37:54.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C521C4C-822C-4308-B1C7-FE0795441F5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.2.60\", \"matchCriteriaId\": \"952B9AE6-57AC-4096-8865-A239C74A0AA4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.\"}, {\"lang\": \"es\", \"value\": \"Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems,  (tambi\\u00e9n se conoce como DLM o Downloader) versi\\u00f3n 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones  que involucran sitios web que no est\\u00e1n en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalaci\\u00f3n de programas arbitrarios por medio de un nombre especialmente dise\\u00f1ado para un sitio de descarga.\"}]",
      "evaluatorComment": "Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\r\n\r\n\r\n\r\n\"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager.\"",
      "id": "CVE-2010-0189",
      "lastModified": "2024-11-21T01:11:43.870",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-02-23T20:30:00.703",
      "references": "[{\"url\": \"http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=5505\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://secunia.com/advisories/38729\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1023651\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-08.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.akitasecurity.nl/advisory.php?id=AK20090401\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.osvdb.org/62547\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securityfocus.com/bid/38313\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0459\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56370\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=5505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1023651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-08.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.akitasecurity.nl/advisory.php?id=AK20090401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/62547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38313\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56370\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0189\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-02-23T20:30:00.703\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.\"},{\"lang\":\"es\",\"value\":\"Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems,  (tambi\u00e9n se conoce como DLM o Downloader) versi\u00f3n 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones  que involucran sitios web que no est\u00e1n en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalaci\u00f3n de programas arbitrarios por medio de un nombre especialmente dise\u00f1ado para un sitio de descarga.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C521C4C-822C-4308-B1C7-FE0795441F5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.2.60\",\"matchCriteriaId\":\"952B9AE6-57AC-4096-8865-A239C74A0AA4\"}]}]}],\"references\":[{\"url\":\"http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://blogs.zdnet.com/security/?p=5505\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38729\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023651\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-08.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.akitasecurity.nl/advisory.php?id=AK20090401\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.osvdb.org/62547\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/38313\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0459\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56370\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.zdnet.com/security/?p=5505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-08.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.akitasecurity.nl/advisory.php?id=AK20090401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/62547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\\r\\n\\r\\n\\r\\n\\r\\n\\\"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager.\\\"\"}}"
  }
}

CERTA-2010-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité non spécifiée dans le produit Adobe Download Manager permet dans certains cas le téléchargement et l'exécution de programmes non sollicités sur l'ordinateur de la victime.

Description

L'installation des produits Adobe Reader ou Adobe Flash Player pour Microsoft Windows repose sur l'utilisation de Adobe Download Manager. Normalement, ce programme Adobe n'est exécuté qu'une seule fois lors de l'installation, puis est automatiquement effacé de l'ordinateur. Dans certains cas, le programme Adobe Download Manager reste présent sur le système, et peut être utilisé par une personne malintentionnée afin de télécharger et d'exécuter des programmes non sollicités sur l'ordinateur de la victime.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions de Adobe Download Manager sur les systèmes Microsoft Windows antérieures au 23 février 2010.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-08 du 23 février 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVersions de \u003cTT\u003eAdobe Download  Manager\u003c/TT\u003e sur les syst\u00e8mes \u003cTT\u003eMicrosoft Windows\u003c/TT\u003e  ant\u00e9rieures au 23 f\u00e9vrier 2010.\u003c/p\u003e",
  "content": "## Description\n\nL\u0027installation des produits Adobe Reader ou Adobe Flash Player pour\nMicrosoft Windows repose sur l\u0027utilisation de Adobe Download Manager.\nNormalement, ce programme Adobe n\u0027est ex\u00e9cut\u00e9 qu\u0027une seule fois lors de\nl\u0027installation, puis est automatiquement effac\u00e9 de l\u0027ordinateur. Dans\ncertains cas, le programme Adobe Download Manager reste pr\u00e9sent sur le\nsyst\u00e8me, et peut \u00eatre utilis\u00e9 par une personne malintentionn\u00e9e afin de\nt\u00e9l\u00e9charger et d\u0027ex\u00e9cuter des programmes non sollicit\u00e9s sur l\u0027ordinateur\nde la victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0189"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-089",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 non sp\u00e9cifi\u00e9e dans le produit Adobe Download Manager\npermet dans certains cas le t\u00e9l\u00e9chargement et l\u0027ex\u00e9cution de programmes\nnon sollicit\u00e9s sur l\u0027ordinateur de la victime.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Download Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-08 du 23 f\u00e9vrier 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
    }
  ]
}

CERTA-2010-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité non spécifiée dans le produit Adobe Download Manager permet dans certains cas le téléchargement et l'exécution de programmes non sollicités sur l'ordinateur de la victime.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions de Adobe Download Manager sur les systèmes Microsoft Windows antérieures au 23 février 2010.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-08 du 23 février 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVersions de \u003cTT\u003eAdobe Download  Manager\u003c/TT\u003e sur les syst\u00e8mes \u003cTT\u003eMicrosoft Windows\u003c/TT\u003e  ant\u00e9rieures au 23 f\u00e9vrier 2010.\u003c/p\u003e",
  "content": "## Description\n\nL\u0027installation des produits Adobe Reader ou Adobe Flash Player pour\nMicrosoft Windows repose sur l\u0027utilisation de Adobe Download Manager.\nNormalement, ce programme Adobe n\u0027est ex\u00e9cut\u00e9 qu\u0027une seule fois lors de\nl\u0027installation, puis est automatiquement effac\u00e9 de l\u0027ordinateur. Dans\ncertains cas, le programme Adobe Download Manager reste pr\u00e9sent sur le\nsyst\u00e8me, et peut \u00eatre utilis\u00e9 par une personne malintentionn\u00e9e afin de\nt\u00e9l\u00e9charger et d\u0027ex\u00e9cuter des programmes non sollicit\u00e9s sur l\u0027ordinateur\nde la victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0189"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-089",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 non sp\u00e9cifi\u00e9e dans le produit Adobe Download Manager\npermet dans certains cas le t\u00e9l\u00e9chargement et l\u0027ex\u00e9cution de programmes\nnon sollicit\u00e9s sur l\u0027ordinateur de la victime.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Download Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-08 du 23 f\u00e9vrier 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
    }
  ]
}

GSD-2010-0189

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0189

Aliases

CVE-2010-0189

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0189",
    "description": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.",
    "id": "GSD-2010-0189"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0189"
      ],
      "details": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.",
      "id": "GSD-2010-0189",
      "modified": "2023-12-13T01:21:28.916299Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-0189",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
          },
          {
            "name": "1023651",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023651"
          },
          {
            "name": "38313",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38313"
          },
          {
            "name": "ADV-2010-0459",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0459"
          },
          {
            "name": "http://blogs.zdnet.com/security/?p=5505",
            "refsource": "MISC",
            "url": "http://blogs.zdnet.com/security/?p=5505"
          },
          {
            "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
          },
          {
            "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401",
            "refsource": "MISC",
            "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
          },
          {
            "name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx",
            "refsource": "MISC",
            "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
          },
          {
            "name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html",
            "refsource": "MISC",
            "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
          },
          {
            "name": "38729",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38729"
          },
          {
            "name": "oval:org.mitre.oval:def:7182",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
          },
          {
            "name": "62547",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/62547"
          },
          {
            "name": "adobe-dlmanager-unspecified-file-download(56370)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6.2.60",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-0189"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.zdnet.com/security/?p=5505",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.zdnet.com/security/?p=5505"
            },
            {
              "name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
            },
            {
              "name": "38313",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/38313"
            },
            {
              "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
            },
            {
              "name": "38729",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38729"
            },
            {
              "name": "1023651",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023651"
            },
            {
              "name": "62547",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/62547"
            },
            {
              "name": "ADV-2010-0459",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0459"
            },
            {
              "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
            },
            {
              "name": "adobe-dlmanager-unspecified-file-download(56370)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
            },
            {
              "name": "oval:org.mitre.oval:def:7182",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:30Z",
      "publishedDate": "2010-02-23T20:30Z"
    }
  }
}

FKIE_CVE-2010-0189

Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
psirt@adobe.com	http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
psirt@adobe.com	http://blogs.zdnet.com/security/?p=5505
psirt@adobe.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
psirt@adobe.com	http://secunia.com/advisories/38729	Vendor Advisory
psirt@adobe.com	http://securitytracker.com/id?1023651
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-08.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.akitasecurity.nl/advisory.php?id=AK20090401
psirt@adobe.com	http://www.osvdb.org/62547
psirt@adobe.com	http://www.securityfocus.com/bid/38313
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0459	Vendor Advisory
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
af854a3a-2127-422b-91ae-364da2661108	http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
af854a3a-2127-422b-91ae-364da2661108	http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
af854a3a-2127-422b-91ae-364da2661108	http://blogs.zdnet.com/security/?p=5505
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38729	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023651
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-08.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.akitasecurity.nl/advisory.php?id=AK20090401
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/62547
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38313
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0459	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182

Impacted products

	Vendor	Product	Version
	nos_microsystems	getplus_download_manager	1.5.2.35
	adobe	download_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C521C4C-822C-4308-B1C7-FE0795441F5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "952B9AE6-57AC-4096-8865-A239C74A0AA4",
              "versionEndIncluding": "1.6.2.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
    },
    {
      "lang": "es",
      "value": "Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems,  (tambi\u00e9n se conoce como DLM o Downloader) versi\u00f3n 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones  que involucran sitios web que no est\u00e1n en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalaci\u00f3n de programas arbitrarios por medio de un nombre especialmente dise\u00f1ado para un sitio de descarga."
    }
  ],
  "evaluatorComment": "Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\r\n\r\n\r\n\r\n\"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager.\"",
  "id": "CVE-2010-0189",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-02-23T20:30:00.703",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://blogs.zdnet.com/security/?p=5505"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38729"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securitytracker.com/id?1023651"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.osvdb.org/62547"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/38313"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0459"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.zdnet.com/security/?p=5505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/62547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H38X-629J-FV6C

Vulnerability from github – Published: 2022-05-02 06:10 – Updated: 2022-05-02 06:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-23T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.",
  "id": "GHSA-h38x-629j-fv6c",
  "modified": "2022-05-02T06:10:50Z",
  "published": "2022-05-02T06:10:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0189"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
    },
    {
      "type": "WEB",
      "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
    },
    {
      "type": "WEB",
      "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
    },
    {
      "type": "WEB",
      "url": "http://blogs.zdnet.com/security/?p=5505"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38729"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023651"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
    },
    {
      "type": "WEB",
      "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/62547"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38313"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0189 (GCVE-0-2010-0189)

CERTA-2010-AVI-089

Description

Solution

CERTA-2010-AVI-089

Description

Solution

GSD-2010-0189

FKIE_CVE-2010-0189

GHSA-H38X-629J-FV6C

Tags

Sightings

Nomenclature