VYPR
Unrated severityNVD Advisory· Published Jul 21, 2009· Updated Jun 16, 2026

CVE-2009-2564

CVE-2009-2564

Description

NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:corel:getplus_download_manager:1.5.0.48:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:corel:getplus_download_manager:1.5.0.48:*:*:*:*:*:*:*
    • cpe:2.3:a:nos_microsystems:getplus_download_manager:1.6.2.36:*:*:*:*:*:*:*
    • (no CPE)range: <1.5.0.48
  • Range: 1.6.2.36

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.