|
||
| Editor Login | Register | ||
| > World > Security |
|
|
| CDNetworks Nefficient Download NeffyLauncher ActiveX Control Directory Traversal | |||||||||||||||||||||||||||
Simon Ryeo has reported a vulnerability in CDNetworks Nefficient Download, which can be exploited by malicious people to compromise a user"s system. The vulnerability is caused due to an input validation error in the NeffyLauncher ActiveX control (NeffyLauncher.dll). This can be exploited to download a malicious file into an arbitrary directory (e.g. the "All Users" startup folder) by assigning a string containing directory traversal sequences to the "SkinPath" property with the "HttpSkin" property set to the malicious file to be downloaded. The vulnerability is reported in version 1.05. Other versions may also be affected. Solution: The vendor has reportedly issued a patch. Provided and/or discovered by: Simon Ryeo Original Advisory: http://seclists.org/bugtraq/2008/Apr/0065.html Extended Solution: The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories. | |||||||||||||||||||||||||||
|
| Bağlantılar: bilgininefendisi.net |
| Open Source Document Project | AUP&TOS |
