Orbitdownloader » Orbit Downloader » 2.8.2 : Security Vulnerabilities, CVEs,
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
Max CVSS
5.8
EPSS Score
0.66%
Published
2009-03-26
Updated
2017-09-29
CVE-2009-0187
Public exploit
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
Max CVSS
9.3
EPSS Score
95.79%
Published
2009-02-26
Updated
2018-10-11
2 vulnerabilities found