Vulnerability Details : CVE-2008-1617
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2008-1617
- cpe:2.3:a:interwoven:worksite_web:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1617
5.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1617
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-1617
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1617
-
http://www.securityfocus.com/bid/28628
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41699
-
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
MWR CyberSecExploit
-
http://www.vupen.com/english/advisories/2008/1134/references
Jump to