CVE-2008-1617 - Numeric Errors vulnerability in Interwoven Worksite web
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
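description | BUGTRAQ ID: 28628 CVE(CAN) ID: CVE-2008-1617 Worksite is a document and email management solution published by Interwoven. The Web TransferCtrl Class ActiveX control (CLSID:4BECECDE-E494-4f69-A3DE-DA0B77726307) installed by Worksite's iManFile.cab file has a double free vulnerability when handling the Server property. If a user is tricked into visiting a malicious site, this vulnerability can be triggered, leading to the execution of arbitrary instructions. Interwoven WorkSite 8.2 Interwoven ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://worksitesupport.interwoven.com |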
id | SSV:3157 |
last seen | 2017-11-19 |
modified | 2008-04-13 |
published | 2008-04-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-3157 |
title | Interwoven WorkSite Web TransferCtrl Class control double free vulnerability |
References
- http://secunia.com/advisories/29733
- http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
- http://www.securityfocus.com/bid/28628
- http://www.vupen.com/english/advisories/2008/1134/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41699