PT-2009-3412 · Imera · Imeraieplugin+1

Elazar

Published

2009-03-05

Updated

2017-09-29

CVE-2009-0813

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Imera TeamLinks Client version 1.0.2.54

Description The issue concerns an insecure method vulnerability in the ImeraIEPlugin ActiveX control. This vulnerability allows remote attackers to force the download and execution of arbitrary URLs by modifying certain parameters, specifically DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI.

Recommendations For version 1.0.2.54, as a temporary workaround, consider restricting access to the DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-0813

Affected Products

Imera Teamlinks Client

Imeraieplugin

PT-2009-3412 · Imera · Imeraieplugin+1

CVE-2009-0813

Weakness Enumeration

Related Identifiers

Affected Products

References · 5