| Check Point Reference: |
CPAI-2009-049 |
| Date Published: |
13 Feb 2009 |
| Severity: |
Medium
|
| Last Updated: |
Thursday 01 January, 2009 |
| Source: |
Secunia Advisory: SA30037 |
| Industry Reference: | CVE-2007-6339
Microsoft 960715 |
| Protection Provided by: |
|
| Who is Vulnerable? | Akamai Download Manager 2.x |
| Vulnerability Description |
In its Update Rollup for ActiveX Kill Bits from February 2009 (960715), Microsoft has released a security update to set a kill bit for an ActiveX control developed by Akamai Technologies. Akamai Technologies has released a security update that addresses a vulnerability in the affected component.
Akamai Download Manager is an integral component of Akamai's global distribution service and used by Microsoft to provide downloads. A design error in Akamai Download Manager could allow an attacker to execute arbitrary in the context of the logged-in user. To trigger the vulnerability, an attacker would need to trick the user into clicking a malicious link in either an email or a site. |
| Vulnerability Details | The vulnerability is caused due to certain undocumented object parameters, which can be exploited to e.g. download and execute malicious programs when a user is tricked into visiting a malicious site. |
Feedback