CVE-2010-0189

Published: Feb 23, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Affected (2)

Products: Nos Microsystems: Getplus Download Manager · Adobe: Download Manager

Nos Microsystems

1 product

Getplus Download Manager

1 product

Download Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Nos Microsystems Getplus Download Manager	Version 1.5.2.35
Adobe Download Manager	Up to 1.6.2.60

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx

Source: psirt@adobe.com

http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html

Source: psirt@adobe.com

http://blogs.zdnet.com/security/?p=5505

Source: psirt@adobe.com

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856

Source: psirt@adobe.com

http://secunia.com/advisories/38729

Source: psirt@adobe.com

Vendor Advisory

http://securitytracker.com/id?1023651

Source: psirt@adobe.com

http://www.adobe.com/support/security/bulletins/apsb10-08.html

Source: psirt@adobe.com

PatchVendor Advisory

http://www.akitasecurity.nl/advisory.php?id=AK20090401

Source: psirt@adobe.com

http://www.osvdb.org/62547

Source: psirt@adobe.com

http://www.securityfocus.com/bid/38313

Source: psirt@adobe.com

http://www.vupen.com/english/advisories/2010/0459

Source: psirt@adobe.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/56370

Source: psirt@adobe.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182

Source: psirt@adobe.com

http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://blogs.zdnet.com/security/?p=5505

Source: af854a3a-2127-422b-91ae-364da2661108

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38729

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1023651

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/support/security/bulletins/apsb10-08.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.akitasecurity.nl/advisory.php?id=AK20090401

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/62547

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38313

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/0459

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/56370

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.