PT-2008-3171 · Autonomy · Worksite Web
Published: 2008-04-08 · Updated: 2017-08-08 · CVE-2008-1617
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
WorkSite Web versions 8.2 before SP1 P2
Description
A double free vulnerability in the Web TransferCtrl Class allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string and then sets the string to null.
Recommendations
For WorkSite Web versions 8.2 before SP1 P2, update to a version that includes SP1 P2 to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript that sets the Server property to minimize the risk of exploitation.
Exploit
Fix
Affected Products
Worksite Web