CVE-2008-4587

{"id": "CVE-2008-4587", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-10-15T22:45:31.303", "references": [{"url": "http://secunia.com/advisories/28496", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4428", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27279", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0145", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39653", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4909", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28496", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4428", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27279", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0145", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39653", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4909", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders."}, {"lang": "es", "value": "Vulnerabilidad de m\u00e9todo inseguro en el control ActiveX MSVNClientDownloadManager61Lib.DownloadManager.1 (ISDM.exe 6.1.100.61372) de Macrovision FLEXnet Connect 6.1 permite a atacantes remotos forzar la descarga y ejecuci\u00f3n de archivos arbitrarios mediante los m\u00e9todos AddFile y RunScheduledJobs. NOTA: esto se podr\u00eda activar para ejecuci\u00f3n de c\u00f3digo subiendo archivos ejecutables a las carpetas Startup."}], "lastModified": "2024-11-21T00:52:02.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acresso:flexnet_connect:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "832ABFF7-1B6F-4ED8-A5C6-E53F580A0A58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}