Vulnerabilities > Orbit Downloader > Orbit Downloader > 2.6.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-26 | CVE-2009-1064 | Code Injection vulnerability in multiple products Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | 5.8 |
2008-04-06 | CVE-2008-1602 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbit Downloader Orbit Downloader 2.6.3/2.6.4 Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed. | 10.0 |