CyberSec.Space Logo
Back to CVE Browser

CVE-2010-2104

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile22.82th
PublishedMay 27, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

Affected Platforms (CPE)

πŸ“¦
Orbitdownloader

Orbit Downloader

= 3.0.0.4
πŸ“¦
Orbitdownloader

Orbit Downloader

= 3.0.0.5

References & Advisories

πŸ”— http://secunia.com/advisories/39527
πŸ”— http://secunia.com/secunia_research/2010-73/
πŸ”— http://www.securityfocus.com/archive/1/511348/100/100/threaded
πŸ”— http://secunia.com/advisories/39527
πŸ”— http://secunia.com/secunia_research/2010-73/
πŸ”— http://www.securityfocus.com/archive/1/511348/100/100/threaded

Related Vulnerabilities

CVE-2008-160210.0

Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long downl...

CVE-2009-01879.3

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers...

CVE-2009-10645.8

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote a...

CVE-2010-355210.0

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote atta...