PT-2008-4007 · C6 · C6 Messenger
Nine:Situations:Group
·
Publicado
2008-06-04
·
Atualizado
2018-10-11
·
CVE-2008-2551
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
C6 Messenger version 1.0.0.1
Description
The issue allows remote attackers to force the download and execution of arbitrary files. This is achieved via a URL in the
propDownloadUrl parameter when the propPostDownloadAction parameter is set to "run".Recommendations
For version 1.0.0.1, avoid using the
propDownloadUrl parameter with the propPostDownloadAction parameter set to "run" until a fix is available. As a temporary workaround, consider restricting access to the DownloaderActiveX Control to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
C6 Messenger