Vulnerabilities > Orbitdownloader > Orbit Downloader > 2.8.4

DATE CVE VULNERABILITY TITLE RISK
2009-03-26 CVE-2009-1064 Code Injection vulnerability in multiple products
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
5.8
2009-02-26 CVE-2009-0187 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbitdownloader Orbit Downloader 2.8.2/2.8.3/2.8.4
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
network
orbitdownloader CWE-119
critical
9.3