 |
Name:
Akamai.Download.Manager.ActiveX.Insecure.Parameter
|
Released Date:
Apr 23 2008
|
Severity:
high
|
CVE:
2008-1770
|
|
|
|
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit a parameter injection vulnerability in Akamai Download Manager.
The vulnerability is caused by an input validation error in Akamai Download Manager ActiveX Control 2.2.3.5, that occurs when processing some parameters. It allows remote attackers to save a downloaded file to an arbitrary location by tricking a user into visiting a malicious web page.
|
|
|
|
Impact
|
|
System Compromise: remote attackers can gain control of vulnerable systems.
|
|
|
|
Affected Products
|
|
Akamai Download Manager ActiveX Control 2.2.3.5
|
|
Aliases
|
|
References
|
http://www.frsirt.com/english/advisories/2008/1746
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1770
|
|
Recommended Actions
|
|
Set the kill bit for CLSID "4871A87A-BFDD-4106-8153-FFDE2BAC2967".
|
|
