Vulnerabilities > CVE-2007-1891 - Buffer Overflow vulnerability in Akamai Technologies Download Manager 2.2.0.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows |
| NASL id | AKAMAI_DLM_ACTIVEX_2210.NASL |
| description | The Windows remote host contains the Download Manager ActiveX control from Akamai, which helps users download content. The version of this ActiveX control on the remote host reportedly contains two stack-based buffer overflow vulnerabilities. A remote attacker may be able to leverage these issues to execute arbitrary code on the remote host subject to the privileges of the current user. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25038 |
| published | 2007-04-17 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25038 |
| title | Akamai Download Manager ActiveX Control < 2.2.1.0 Multiple Vulnerabilities |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514
- http://secunia.com/advisories/24900
- http://www.kb.cert.org/vuls/id/120241
- http://www.osvdb.org/34323
- http://www.securityfocus.com/archive/1/465908/100/0/threaded
- http://www.securityfocus.com/bid/23522
- http://www.securitytracker.com/id?1017925
- http://www.vupen.com/english/advisories/2007/1415