Multiple vulnerabilities have been identified in Akamai Download Manager ActiveX Control, which could be exploited by remote attackers to take complete control of an affected system. These issues are caused by buffer overflow errors in "DownloadManagerV2.ocx" when processing malformed arguments passed to certain methods, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected Products

Akamai Download Manager ActiveX Control versions prior to 2.2.1.0

Solution

Upgrade to version 2.2.1.0 :
http://dlm.tools.akamai.com/tools/upgrade.html

References

http://www.vupen.com/english/advisories/2007/1415
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514

Credits

Vulnerabilities reported by the vendor, iDefense Labs and Fortinet.

Changelog

2007-04-17 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.