CVE-2010-0189

NOS Microsystems getPlus Download Manager 1.5.2.35 - Arbitrary Program Download and Installation via ActiveX Control

Title source: llm
STIX 2.1

Description

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

References (13)

Core 13
Core References
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb10-08.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023651
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38313
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0459
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=5505
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38729
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/62547
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56370

Scores

EPSS 0.0518
EPSS Percentile 91.5%

Details

CWE
CWE-20
Status published
Products (2)
adobe/download_manager < 1.6.2.60
nos_microsystems/getplus_download_manager 1.5.2.35
Published Feb 23, 2010
Tracked Since Feb 18, 2026