CVE-2008-1617 - Numeric Errors vulnerability in Interwoven Worksite web

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, interwoven, CWE-189, critical

Summary

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.

Vulnerable Configurations

Part: Application
Description: Interwoven
Count: 1

Common Weakness Enumeration (CWE)

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 28628, CVE(CAN) ID: CVE-2008-1617. Worksite is a document and e-mail management solution published by Interwoven. The Web TransferCtrl Class ActiveX control (CLSID:4BECECDE-E494-4f69-A3DE-DA0B77726307) installed by Worksite's iManFile.cab file has a double-free vulnerability when handling the Server property. If a user is tricked into visiting a malicious site, the vulnerability can be triggered, leading to arbitrary code execution.
Interwoven WorkSite 8.2
Interwoven
----------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://worksitesupport.interwoven.com
id: SSV:3157
last seen: 2017-11-19
modified: 2008-04-13
published: 2008-04-13
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-3157
title: Interwoven WorkSite Web TransferCtrl Class control double-free vulnerability