The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 220.127.116.11 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
Akamai Download Manager is prone to a remote code-execution vulnerability.Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. This issue affects versions prior to Download Manager 18.104.22.168.
The vendor has released Download Manager 22.214.171.124 to resolve this issue; please see the references for details. Akamai Akamai Download Manager 126.96.36.199 Akamai Akamai Download Manager http://dlm.tools.akamai.com/tools/upgrade.html Akamai Akamai Download Manager 188.8.131.52 Akamai Akamai Download Manager http://dlm.tools.akamai.com/tools/upgrade.html
The following proof of concept is available: /data/vulnerabilities/exploits/28993-2.html /data/vulnerabilities/exploits/28993.html