CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1064

MEDIUM
5.8
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile38.80th
PublishedMar 26, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.

Affected Platforms (CPE)

πŸ“¦
Orbit Downloader

Orbit Downloader

= 2.6.3
πŸ“¦
Orbit Downloader

Orbit Downloader

= 2.6.4
πŸ“¦
Orbitdownloader

Orbit Downloader

<= 2.8.7
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.6.1
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.6.3
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.6.4
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.6.5
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.1
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.3
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.5
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.6
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.7
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.8
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.7.9
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.8.1
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.8.2
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.8.3
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.8.4
πŸ“¦
Orbitdownloader

Orbit Downloader

= 2.8.5

References & Advisories

πŸ”— http://www.securityfocus.com/bid/34200
πŸ”— http://www.waraxe.us/advisory-73.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/49353
πŸ”— https://www.exploit-db.com/exploits/8257
πŸ”— http://www.securityfocus.com/bid/34200
πŸ”— http://www.waraxe.us/advisory-73.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/49353
πŸ”— https://www.exploit-db.com/exploits/8257

Related Vulnerabilities

CVE-2008-160210.0

Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long downl...

CVE-2009-01879.3

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers...

CVE-2010-21044.3

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...