CVE-2009-1064
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
26/03/2009
Last modified:
29/09/2017
Description
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:orbit_downloader:orbit_downloader:2.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbit_downloader:orbit_downloader:2.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:*:*:*:*:*:*:*:* | 2.8.7 (including) | |
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.7.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:orbitdownloader:orbit_downloader:2.8.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page