Akamai Download Manager ActiveX Control < 2.2.3.6 Arbitrary File Download

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows arbitrary
file downloads.

Description :

The remote Windows host contains the Download Manager ActiveX control
from Akamai, which helps users download content.

The version of this ActiveX control on the remote host is reportedly
affected by a parameter injection vulnerability that could be
exploited to download arbitrary files and place them in arbitrary
locations on the affected host, such as the 'Startup' folder used by
Windows. If an attacker can trick a user on the affected host into
visiting a specially crafted web page, this method could be used to
execute arbitrary code on the affected system subject to the user's
privileges.

See also :

http://seclists.org/fulldisclosure/2008/Jun/59
http://www.securityfocus.com/archive/1/493077/30/0/threaded

Solution :

Upgrade to version 2.2.3.7 or later of the control.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33102 (akamai_dlm_activex_2_2_3_7.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1770
