PT-2015-3485 · Dvdvideosoft+1 · Atube Catcher+1

Published

2015-01-01

Updated

2015-01-03

CVE-2011-5289

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions aTube Catcher version 2.3.570

Description The issue allows remote attackers to write to arbitrary files via a pathname in the argument passed to the SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control.

Recommendations For aTube Catcher version 2.3.570, consider disabling the SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-5289

Affected Products

Chilkatcrypt2

Atube Catcher

PT-2015-3485 · Dvdvideosoft+1 · Atube Catcher+1

CVE-2011-5289

Weakness Enumeration

Related Identifiers

Affected Products

References · 3