PT-2008-3414 · Cdnetworks · Neffylauncher.Dll+2

Simon Ryeo

Published

2008-04-18

Updated

2017-09-29

CVE-2008-1886

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CDNetworks Nefficient Download version 1.0.5

Description The issue concerns the use of weak cryptography for a KeyCode in the NeffyLauncher ActiveX control, allowing remote attackers to bypass protection by calculating the required KeyCode. This can be exploited by arbitrary web sites hosting malicious code targeting the control.

Recommendations For version 1.0.5, consider disabling the NeffyLauncher ActiveX control until a patch is available to prevent exploitation. Restrict access to the NeffyLauncher.dll module to minimize the risk of unauthorized use. Avoid using the control on untrusted web sites to reduce the risk of hosting exploit code.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2008-1886

Affected Products

Nefficient Download

Neffylauncher Activex Control

Neffylauncher.Dll

PT-2008-3414 · Cdnetworks · Neffylauncher.Dll+2

CVE-2008-1886

Weakness Enumeration

Related Identifiers

Affected Products

References · 5