In association with heise online

06 June 2008, 10:40

Akamai Download Manager accepts malicious code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Akamai, the load-balancing service provider, says there is a vulnerable ActiveX control in its Download Manager that allows an attacker to take control of a Windows computer. A security advisory from the discoverer of the vulnerability gives more information about the cause. When an attacker's page is visited, parameter injection can be used to upload arbitary files to the visitor's computer and save them anywhere – in the Startup folder for example.

Users may inadvertently arrive at a crafted page by clicking a link in an E-mail or on a web site. While visiting a manipulated page, they can then inadvertently be passed on to a harmful site.

All versions of the Download Manager up to and including 2.2.3.5 are affected. The vulnerability is eliminated in version 2.2.3.7. Akamai says the ActiveX control can be updated on its update page.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735401
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit