Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.
References
Configurations
History
21 Nov 2024, 00:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/29733 - Vendor Advisory | |
References | () http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf - Exploit | |
References | () http://www.securityfocus.com/bid/28628 - Exploit | |
References | () http://www.vupen.com/english/advisories/2008/1134/references - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41699 - |
Information
Published : 2008-04-08 18:05
Updated : 2024-11-21 00:44
NVD link : CVE-2008-1617
Mitre link : CVE-2008-1617
CVE.ORG link : CVE-2008-1617
JSON object : View
Products Affected
interwoven
- worksite_web
CWE
CWE-189
Numeric Errors