CVE Reference: CVE-2010-2104

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-2104

Description:
Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA39527

MISC
  http://secunia.com/secunia_research/2010-73/

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/511348/100/100/threaded


Return to the previous page.