← back
CVE-2009-1064

CVE-2009-1064

EPSS 3.7%
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/8257unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/49353https://www.exploit-db.com/exploits/8257http://www.securityfocus.com/bid/34200http://www.waraxe.us/advisory-73.html