Unrated severityNVD Advisory· Published Feb 23, 2010· Updated Apr 29, 2026

CVE-2010-0189

Description

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Affected products

Nos Microsystems/Getplus Download Manager
cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*
Adobe Inc./Download Manager
cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*
Range: <=1.6.2.60

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/security/bulletins/apsb10-08.htmlnvdPatchVendor Advisory
secunia.com/advisories/38729nvdVendor Advisory
www.vupen.com/english/advisories/2010/0459nvdVendor Advisory
aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspxnvd
blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.htmlnvd
blogs.zdnet.com/security/nvd
labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
securitytracker.com/idnvd
www.akitasecurity.nl/advisory.phpnvd
www.osvdb.org/62547nvd
www.securityfocus.com/bid/38313nvd
exchange.xforce.ibmcloud.com/vulnerabilities/56370nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000