Vulnerability CVE-2010-0189 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0189 (CCN-56370)

Assigned:

2010-02-18

Published:

2010-02-18

Updated:

2017-09-19

Summary:

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html

"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Aviv Raff On .NET
Skeletons in Adobe's security closet

Source: MISC
Type: UNKNOWN
http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx

Source: MISC
Type: UNKNOWN
http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html

Source: MISC
Type: UNKNOWN
http://blogs.zdnet.com/security/?p=5505

Source: MITRE
Type: CNA
CVE-2010-0189

Source: IDEFENSE
Type: UNKNOWN
20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability

Source: CCN
Type: SA38729
Adobe getPlus DLM Unauthorised Installation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38729

Source: CCN
Type: SECTRACK ID: 1023651
Adobe Download Manager Flaw Lets Remote Users Download and Install Arbitrary Software

Source: SECTRACK
Type: UNKNOWN
1023651

Source: CCN
Type: Adobe Product Security Bulletin APSB10-08
Security update available for Adobe Download Manager

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-08.html

Source: MISC
Type: UNKNOWN
http://www.akitasecurity.nl/advisory.php?id=AK20090401

Source: CCN
Type: NOS Microsystems Web site
getPlus

Source: OSVDB
Type: UNKNOWN
62547

Source: CCN
Type: OSVDB ID: 62547
Adobe getPlus DLM (Download Manager) on Windows getPlus Downloader Software Installation Authorization Weakness

Source: BID
Type: UNKNOWN
38313

Source: CCN
Type: BID-38313
NOS getPlus Downloader Domain Validation Arbitrary File Download Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0459

Source: XF
Type: UNKNOWN
getplus-dlmanager-code-execution(56370)

Source: XF
Type: UNKNOWN
adobe-dlmanager-unspecified-file-download(56370)

Source: CCN
Type: iDefense Labs Public Advisory: 02.23.10
Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7182

Vulnerable Configuration:

Configuration 1:

cpe:/a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*

AND

cpe:/a:adobe:download_manager:*:*:*:*:*:*:*:* (Version <= 1.6.2.60)

Configuration CCN 1:

cpe:/a:adobe:acrobat:8.0::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.1::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.0::professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.1::professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2::professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.0::professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.0::standard:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.4::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.3::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1::standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2:security_update:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.3::professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.4::professional:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.3.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:spelling_dictionaries_support_for_adobe_reader:8.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7182	V	ActiveX control in NOS Microsystems getPlus Download Manager Vulnerability	2014-06-30