Vulnerability Details : CVE-2010-0189
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Vulnerability category: Input validation
Products affected by CVE-2010-0189
- cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0189
EPSS score: 2.51% (probability of exploitation activity in the next 30 days)
Percentile: ~ 90 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0189
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2010-0189
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0189
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
  Repository / Oval Repository
- http://securitytracker.com/id?1023651
  Adobe Download Manager Flaw Lets Remote Users Download and Install Arbitrary Software - SecurityTracker
- http://www.adobe.com/support/security/bulletins/apsb10-08.html
  Adobe - Security Bulletins: APSB10-08 Security update available for Adobe Download Manager [Patch; Vendor Advisory]
- http://blogs.zdnet.com/security/?p=5505
  Blogs | ZDNet
- http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
  Adobe Product Security Incident Response Team (PSIRT) Blog
- http://www.vupen.com/english/advisories/2010/0459
  [Vendor Advisory]
- http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
- http://www.akitasecurity.nl/advisory.php?id=AK20090401
  getPlus insufficient domain name validation vulnerability - Akita Security B.V.
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
  getPlus Download Manager code execution CVE-2010-0189 Vulnerability Report
- http://www.securityfocus.com/bid/38313
  NOS getPlus Downloader Domain Validation Arbitrary File Download Vulnerability