Orbit Downloader File Deletion ActiveX Vulnerability Network Vulnerability

Summary

This host is installed with Orbit Downloader and is prone to File Deletion ActiveX Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in a crafted webpage and trick the victim to visit the malicious link which lets the attacker execute the vulnerable code into the context of the affected remote system. Impact Level: Application

Solution

Upgrade to Orbit Downloader Version 3.0 or later, For updates refer tohttp://www.orbitdownloader.com

Insight

Bug in the 'download()' function method which lets the attacker to delete arbitrary files in the victim's computer.

Affected

Orbit Downloader 'Orbitmxt.dll' version 2.1.0.2 and prior. Workaround: Set the Killbit for the vulnerable CLSID {3F1D494B-0CEF-4468-96C9-386E2E4DEC90} http://support.microsoft.com/kb/240797

References

http://xforce.iss.net/xforce/xfdb/49353

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1064
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Fraudulent Digital Certificates Spoofing Vulnerability (2607712)
MS Windows taskmgr.exe Information Disclosure Vulnerability
Microsoft ASP.NET Cross-Site Scripting vulnerability
Microsoft Internet Explorer XSS Vulnerability - July09
Opera web browser large javaScript array handling vulnerability

Take action and discover your vulnerabilities