Akamai Download Manager ActiveX Control < 22.214.171.124 Arbitrary File Download
High Nessus Plugin ID 33102
SynopsisThe remote Windows host has an ActiveX control that allows arbitrary file downloads.
DescriptionThe Windows remote host contains the Download Manager ActiveX control from Akamai, which helps users download content.
The version of this ActiveX control on the remote host reportedly is affected by a parameter injection vulnerability that could be exploited to download arbitrary files and place them in arbitrary locations on the affected host, such as the 'Startup' folder used by Windows. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this method could be used to execute arbitrary code on the affected system subject to the user's privileges.
SolutionUpgrade to version 126.96.36.199 or later of the control.