Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
BID:23522
Info
Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 23522 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1891 CVE-2007-1892 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2007 12:00AM |
| Updated: | Aug 15 2007 12:03AM |
| Credit: | Fortinet, iDefense and the vendor are credited with discovering these issues. |
| Vulnerable: |
Akamai Akamai Download Manager 2.2.0.0 |
| Not Vulnerable: |
Akamai Akamai Download Manager 2.2.1.0 |
Discussion
Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
These issues affect Akamai Download Manager prior to 2.2.1.0; other versions may also be affected.
Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
These issues affect Akamai Download Manager prior to 2.2.1.0; other versions may also be affected.
Exploit / POC
Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
Solution:
The vendor has released version 2.2.1.0 to resolve these issues; please see the references for details.
Akamai Akamai Download Manager 2.2.0.0
Solution:
The vendor has released version 2.2.1.0 to resolve these issues; please see the references for details.
Akamai Akamai Download Manager 2.2.0.0
-
Akamai Akamai Download Manager 2.2.1.0
http://dlm.tools.akamai.com/tools/upgrade.html
References
Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (Akamai)
- Akamai Technologies Security Advisory 2007-000 (Akamai Security Team
) - iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffe (iDefense Labs
) - Microsoft Security Bulletin MS07-045 (Microsoft)
- Vulnerability Note VU#120241 Akamai Download Manager ActiveX control buffer over (US-CERT)