Summary
This host has Orbit Downloader installed and is prone to a file deletion ActiveX vulnerability.
Impact
Successful exploitation lets an attacker who tricks the victim into visiting a malicious link to a crafted web page execute arbitrary code in the context of the affected remote system.
Impact Level: Application
Solution
Upgrade to Orbit Downloader version 3.0 or later.
For updates, refer to http://www.orbitdownloader.com
Insight
A bug in the 'download()' method lets an attacker delete arbitrary files on the victim's computer.
Affected
Orbit Downloader 'Orbitmxt.dll' version 2.1.0.2 and prior.
Workaround:
Set the kill bit for the vulnerable CLSID {3F1D494B-0CEF-4468-96C9-386E2E4DEC90}. See http://support.microsoft.com/kb/240797
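The workaround above as an added PowerShell example (not part of the original advisory): it reports whether the kill bit is set for this CLSID in the 64-bit and 32-bit registry views, and sets it when run with -Apply from an elevated prompt. The registry path and the 0x400 "Compatibility Flags" value follow the Microsoft KB article cited above; the function names and the -Apply switch are hypothetical.

```powershell
# Added example: audit / set the ActiveX kill bit for the CLSID in this advisory.
param([switch]$Apply)   # without -Apply the script only reports

$Clsid   = '{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}'
$KillBit = 0x400        # "Compatibility Flags" kill bit value per KB240797
$Name    = 'Compatibility Flags'
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$Key) {
    # Returns the current DWORD, or 0 when the key or value is absent.
    $p = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return $p.$Name
}

function Set-KillBit([string]$Key) {
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBit
    New-ItemProperty -LiteralPath $Key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    # The WOW6432Node view does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key   = Join-Path $root $Clsid
    $isSet = ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
    if (-not $isSet -and $Apply) {
        Set-KillBit $key
        # Re-read so the report reflects what is actually in the registry.
        $isSet = ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
    }
    [pscustomobject]@{ Key = $key; KillBitSet = $isSet }
}
```

A row with KillBitSet = False after running with -Apply means the write did not take effect, typically because the prompt was not elevated.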
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1064
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
- MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
- BitDefender Internet Security 2009 XSS Vulnerability
- Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
- Opera remote location object cross-domain scripting vulnerability