CVE-2008-1886

Name of the Vulnerable Software and Affected Versions CDNetworks Nefficient Download version 1.0.5

Description The issue concerns the use of weak cryptography for a KeyCode in the NeffyLauncher ActiveX control, allowing remote attackers to bypass protection by calculating the required KeyCode. This can be exploited by arbitrary web sites hosting malicious code targeting the control.

Recommendations For version 1.0.5, consider disabling the NeffyLauncher ActiveX control until a patch is available to prevent exploitation. Restrict access to the NeffyLauncher.dll module to minimize the risk of unauthorized use. Avoid using the control on untrusted web sites to reduce the risk of hosting exploit code.