CVE-2008-1617

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.

Published: Apr 8, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1617
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
interwoven / worksite_web	-	8.2.x

http://secunia.com/advisories/29733
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
http://www.securityfocus.com/bid/28628
http://www.vupen.com/english/advisories/2008/1134/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41699

Vulnerability Database

CVE-2008-1617