CVE-2010-0189

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICAL

EPSS

2.5%

top 14.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Download Manager NOS Microsystems Getplus Download Manager

Timeline

PublishedFeb 23

Latest updateMay 2

Description

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDnos_microsystems/getplus_download_manager1.5.2.35

▶NVDadobe/download_manager1.6.2.60

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-h38x-629j-fv6c: A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1↗2022-05-02

▶

CVEList

CVE-2010-0189: A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1↗2010-02-23

▶