CVE-2006-5658

Name of the Vulnerable Software and Affected Versions: BlooMooWeb ActiveX control (AidemATL.dll) (affected versions not specified)

Description: The issue allows remote attackers to perform several malicious actions, including downloading arbitrary files via a URL in the bstrUrl parameter to the BW DownloadFile method, executing arbitrary local files via a file path in the bstrParams parameter to the BW LaunchGame method, and deleting arbitrary files via a file path in the filePath parameter to the BW DeleteTempFile method.

Recommendations: As a temporary workaround, consider disabling the BW DownloadFile, BW LaunchGame, and BW DeleteTempFile methods until a patch is available. Restrict access to the bstrUrl, bstrParams, and filePath parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.