Akamai Download Manager ActiveX Control < 2.2.3.5 Remote Code Execution

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows remote code
execution.

Description :

The remote Windows host contains the Download Manager ActiveX control
from Akamai, which helps users download content.

The version of this ActiveX control on the remote host reportedly
allows arbitrary code to be downloaded and executed automatically. If
an attacker can trick a user on the affected host into visiting a
specially crafted web page, this issue could be leveraged to execute
arbitrary code on the affected system, subject to the user's
privileges.

See also :

http://www.nessus.org/u?3f59bfc9
http://seclists.org/bugtraq/2008/May/1
http://seclists.org/fulldisclosure/2008/Apr/816

Solution :

Upgrade to version 2.2.3.5 or later of the control.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 32082 (akamai_dlm_activex_2_2_3_5.nasl)

Bugtraq ID: 28993

CVE ID: CVE-2007-6339
