CVE-2008-1886

CDNetworks Nefficient Download - Weak Cryptography in NeffyLauncher ActiveX KeyCode

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1886. PoCs published by Simon Ryeo.

AI-analyzed exploit summary The document describes two vulnerabilities in CDNetworks Nefficient Download (NeffyLauncher.dll) ActiveX control, allowing remote code execution via malicious file placement and keycode bypass. It provides technical details but lacks executable exploit code.

Description

The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Simon Ryeo · textremotewindows
https://www.exploit-db.com/exploits/5397

The document describes two vulnerabilities in CDNetworks Nefficient Download (NeffyLauncher.dll) ActiveX control, allowing remote code execution via malicious file placement and keycode bypass. It provides technical details but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: NeffyLauncher 1.0.5
No auth needed
Prerequisites: Write permission on a vulnerable website or a valid keycode · Victim interaction to load malicious ActiveX parameters
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41933
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2008/Apr/0065.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28666
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5397

Scores

EPSS 0.0666
EPSS Percentile 93.0%

Details

CWE
CWE-310
Status published
Products (1)
cdnetworks/download_client
Published Apr 18, 2008
Tracked Since Feb 18, 2026