CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1064

MEDIUM
5.8
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile38.80th
Published2009年3月26日
Last Modified2026年4月23日

Vulnerability Description

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.

Affected Platforms (CPE)

📦
Orbit Downloader

Orbit Downloader

= 2.6.3
📦
Orbit Downloader

Orbit Downloader

= 2.6.4
📦
Orbitdownloader

Orbit Downloader

<= 2.8.7
📦
Orbitdownloader

Orbit Downloader

= 2.6.1
📦
Orbitdownloader

Orbit Downloader

= 2.6.3
📦
Orbitdownloader

Orbit Downloader

= 2.6.4
📦
Orbitdownloader

Orbit Downloader

= 2.6.5
📦
Orbitdownloader

Orbit Downloader

= 2.7.1
📦
Orbitdownloader

Orbit Downloader

= 2.7.3
📦
Orbitdownloader

Orbit Downloader

= 2.7.5
📦
Orbitdownloader

Orbit Downloader

= 2.7.6
📦
Orbitdownloader

Orbit Downloader

= 2.7.7
📦
Orbitdownloader

Orbit Downloader

= 2.7.8
📦
Orbitdownloader

Orbit Downloader

= 2.7.9
📦
Orbitdownloader

Orbit Downloader

= 2.8.1
📦
Orbitdownloader

Orbit Downloader

= 2.8.2
📦
Orbitdownloader

Orbit Downloader

= 2.8.3
📦
Orbitdownloader

Orbit Downloader

= 2.8.4
📦
Orbitdownloader

Orbit Downloader

= 2.8.5

References & Advisories

🔗 http://www.securityfocus.com/bid/34200
🔗 http://www.waraxe.us/advisory-73.html
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/49353
🔗 https://www.exploit-db.com/exploits/8257
🔗 http://www.securityfocus.com/bid/34200
🔗 http://www.waraxe.us/advisory-73.html
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/49353
🔗 https://www.exploit-db.com/exploits/8257

関連する脆弱性情報

CVE-2008-160210.0

Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long downl...

CVE-2009-01879.3

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers...

CVE-2010-21044.3

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...