Akamai Download Manager ActiveX Control < 2.2.4.8 Buffer Overflow

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is prone to a
buffer overflow attack.

Description :

The remote Windows host contains the Download Manager ActiveX control
from Akamai, which helps users download content.

The version of this ActiveX control on the remote host is reportedly
affected by a buffer overflow vulnerability in 'manager.exe' when
handling Redswoosh downloads. If an attacker can trick a user on the
affected host into visiting a specially crafted web page, the attacker
may be able to execute arbitrary code on the affected system, subject
to the user's privileges.

See also :

http://www.nessus.org/u?8641fa7c
http://seclists.org/bugtraq/2009/Jul/165

Solution :

Manually remove all older versions and, if desired, install version
2.2.4.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40363 (akamai_dlm_activex_2_2_4_8.nasl)

Bugtraq ID: 35778

CVE ID: CVE-2009-2582
