Vulnonym.org

CVE-2008-1617 - Decani Galapagos Penguin

Description

Double free vulnerability in Web TransferCtrl Class 8214 (iManFile.cab) as used in WorkSite Web 8.2 before SP1 P2 allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string then sets the string to null.

Reference

http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf http://www.securityfocus.com/bid/28628 http://secunia.com/advisories/29733 http://www.vupen.com/english/advisories/2008/1134/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41699