Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Orbit Downloader File Deletion ActiveX Vulnerability

Severity

Medium

Family

Windows

CVSSv2 Base

5.8

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Solution Type

Vendor Patch

Created

15 years ago

Modified

5 years ago

Share on Facebook
Share on LinkedIn
Share on Twitter

This host is installed with Orbit Downloader and is prone to File Deletion ActiveX Vulnerability.

Insight

Bug in the 'download()' function method which lets the attacker to delete arbitrary files in the victim's computer.

Affected Software

Orbit Downloader 'Orbitmxt.dll' version 2.1.0.2 and prior.

Solution

Upgrade to Orbit Downloader Version 3.0 or later. Workaround: Set the Killbit for the vulnerable CLSID {3F1D494B-0CEF-4468-96C9-386E2E4DEC90}

Common Vulnerabilities and Exposures (CVE)

CVE-2009-1064

References

http://www.milw0rm.com/exploits/8257
http://xforce.iss.net/xforce/xfdb/49353
http://support.microsoft.com/kb/240797
http://www.orbitdownloader.com

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Orbit Downloader File Deletion ActiveX Vulnerability

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Insight

Insight

Affected Software

Affected Software

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References