Unrated severityNVD Advisory· Published Feb 26, 2009· Updated Apr 23, 2026

CVE-2009-0187

Description

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.

Affected products

Orbitdownloader/Orbit Downloader3 versions
cpe:2.3:a:orbitdownloader:orbit_downloader:2.8.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:orbitdownloader:orbit_downloader:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:orbitdownloader:orbit_downloader:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:orbitdownloader:orbit_downloader:2.8.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/33894nvdPatch
www.vupen.com/english/advisories/2009/0521nvdPatchVendor Advisory
secunia.com/advisories/33843nvdVendor Advisory
secunia.com/secunia_research/2009-9/nvdVendor Advisory
osvdb.org/52294nvd
www.securityfocus.com/archive/1/501220/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/48932nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.059
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000