CVE-2009-1064

CVE-2009-1064 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:P

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.

Learn more about our Web Application Penetration Testing UK.