Vulnerabilities > Orbitdownloader > Orbit Downloader > 2.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-26 | CVE-2009-1064 | Code Injection vulnerability in multiple products Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | 5.8 |
2009-02-26 | CVE-2009-0187 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbitdownloader Orbit Downloader 2.8.2/2.8.3/2.8.4 Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message. | 9.3 |