CVE-2010-0189: Input Validation
First published: Tue Feb 23 2010(Updated: )
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| getPlus Download Manager | =1.5.2.35 | |
| Adobe Downloader | <=1.6.2.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.zdnet.com/security/?p=5505
- http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
- http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
- http://www.securityfocus.com/bid/38313
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
- http://www.adobe.com/support/security/bulletins/apsb10-08.html
- http://secunia.com/advisories/38729
- http://securitytracker.com/id?1023651
- http://www.osvdb.org/62547
- http://www.vupen.com/english/advisories/2010/0459
- http://www.akitasecurity.nl/advisory.php?id=AK20090401
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
Frequently Asked Questions
What is the severity of CVE-2010-0189?
CVE-2010-0189 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2010-0189?
To fix CVE-2010-0189, users should upgrade to the latest version of NOS Microsystems getPlus Download Manager or Adobe Download Manager.
What types of attacks does CVE-2010-0189 enable?
CVE-2010-0189 enables remote attackers to force the download and installation of arbitrary software on a user's system.
Which versions are affected by CVE-2010-0189?
CVE-2010-0189 affects NOS Microsystems getPlus Download Manager version 1.5.2.35 and all versions of Adobe Download Manager up to 1.6.2.60.
Is CVE-2010-0189 exploitable over the internet?
Yes, CVE-2010-0189 is exploitable over the internet, making it a significant security risk for users.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nos microsystems
- canonical/getplus download manager
- version/getplus download manager/1.5.2.35
- vendor/adobe
- canonical/adobe downloader
- version/adobe downloader/1.6.2.60