| Name | Akamai.Download.Manager.ActiveX.Insecure.Parameter.Used |
| Release Date | Apr 23, 2008 |
| Severity | High |
| Impact | System Compromise: remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a parameter injection vulnerability in Akamai Download Manager.
The vulnerability is caused by an input validation error in Akamai Download Manager ActiveX Control 2.2.3.5, that occurs when processing some parameters. It allows remote attackers to save a downloaded file to an arbitrary location by tricking a user into visiting a malicious web page. |
| Affected Products | Akamai Download Manager ActiveX Control 2.2.3.5 |
| Recommended Actions | Set the kill bit for CLSID "4871A87A-BFDD-4106-8153-FFDE2BAC2967". |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1770
|
| Reference/s | http://www.vupen.com/english/advisories/2008/1746 (FrSIRT)
|