In association with heise online

17 April 2007, 10:38

Security vulnerability in Akamai Download Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Akamai, a provider of online load balancing and online content distribution services, has issued a security advisory identifying two security vulnerabilities in its Download Manager which allow an attacker to gain control of a Windows computer. The problem is caused by buffer overflows in the ActiveX version of the "Akamai Download Manager" (DownloadManagerV2.ocx) for Internet Explorer, which can be exploited to inject and execute malicious code. Victims merely need to visit a prepared web page.

Many users will have installed the flawed ActiveX control when, for instance, downloading Windows Vista Release Candidate 1 or Beta 2, which Microsoft at the time preferred to distribute in this way. There is a Java version of Download Manager for other browsers which does not contain the vulnerability.

According to Akamai, one of the bugs is in all versions prior to The second bug is present in versions and later only. Both bugs are fixed in version According to Akamai, to install the new version, users simply need to visit the update page for the control. The new control is then offered for installation. To check whether this control is installed, take a look at C:\Windows\Downloaded Program Files\.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit