← back
CVE-2008-1885

CVE-2008-1885

EPSS 4.1%
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5397unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2008/Apr/0065.htmlhttp://secunia.com/advisories/29692https://exchange.xforce.ibmcloud.com/vulnerabilities/41743https://www.exploit-db.com/exploits/5397http://www.securityfocus.com/bid/28666http://www.vupen.com/english/advisories/2008/1186