Vulnerabilities > CVE-2006-5658 - Multiple vulnerability in Studio Achtundachtzig Bloomooweb Activex Control 1.0.9
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/22666
- http://securityreason.com/securityalert/1808
- http://www.securityfocus.com/archive/1/450144/100/0/threaded
- http://www.securityfocus.com/bid/20827
- http://www.vupen.com/english/advisories/2006/4294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29968
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29997