Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Akamai Download Manager Arbitrary Program Execution Vulnerability

May 6th 2008 in Uncategorized

Akamai supplies both an ActiveX and a Java based download manager. The ActiveX control remains installed on the users computer until it is manually removed.  It is important to note that Akamai has been used by vendors such as Symantec and Microsoft (eg: Technet and MSDN) for file distribution.


Vulnerable versions:


Akamai Technologies Inc’s DownloadManagerV2.ocx version 2.2.2.1
Akamai Technologies Inc’s Download Manager Java Applet version 2.2.2.0


The security vulnerability makes it possible for an attacker to use the download manager to automatically download and execute files simply by tricking the victim into visiting a malicious web page.


The download manager user interface is displayed during an attack, but there may be insufficient time to cancel the download before exploitation occurs.


Workaround:


Setting kill-bits for the associated CLSIDs will prevent the ActiveX control from being loaded within Internet Explorer, being:


2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B
FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1


Disabling Java will prevent exploitation via the Java Applet.


Akamai has fixed this vulnerability in version 2.2.3.5 of their download manager product. Please refer to the following URL for upgrade instructions (and don’t forget to make sure that the vulnerable activex control has been removed – you will find it in C:\Windows\Downloaded Program File.  The file name is “DownloadManagerV2.ocx”):


http://dlm.tools.akamai.com/tools/upgrade.html


Cite: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695


Comments are closed.

You will be unable to remove IE8 Beta or IE7 after installing Windows XP SP3 because Microsoft wants to make sure that you do not encounter a problem commonly known as “DLL Hell”.
IE8 Beta 1 users
You will NOT be offered Windows XP SP3 unless and until you remove IE8 Beta 1.  This is because if you install  windows XP SP3 […]

Previous Entry

We have gone from this…                     to this….                                          Or this… showing only online friends.
        
And we get a choice of backgrounds.  The last background, “70s Tux”, doesn’t seem to be working properly on my system.
Me.dium have chosen to turn off “find similar pages” by default; instead, Me.dium will only show you the pages that […]

Next Entry

Archives