nessus | This script is Copyright (C) 2008-2022 Tenable Network Security, Inc. | AKAMAI_DLM_ACTIVEX_2_2_3_5.NASL
History: May 01, 2008 - 12:00 a.m.

Akamai Download Manager ActiveX Control < 2.2.3.5 Remote Code Execution

2008-05-01 00:00:00
This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.
www.tenable.com
14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.082

Percentile

94.4%

The Windows remote host contains the Download Manager ActiveX control from Akamai, which helps users download content.

The version of this ActiveX control on the remote host reportedly allows downloading and automatic execution of arbitrary code. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this method could be leveraged to execute arbitrary code on the affected system subject to the user’s privileges.

#%NASL_MIN_LEVEL 70300
#
#  (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata pass: when `description` is set the script only registers its
# identifiers, references, risk data and prerequisites, then exits at the end
# of this block. The detection logic further down is not reached in this mode.
if (description)
{
  script_id(32082);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # External identifiers for the issue this check reports.
  script_cve_id("CVE-2007-6339");
  script_bugtraq_id(28993);
  script_xref(name:"SECUNIA", value:"30037");

  script_name(english:"Akamai Download Manager ActiveX Control < 2.2.3.5 Remote Code Execution");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an ActiveX control that allows remote code
execution.");
  # Note the wording "reportedly": the finding rests on the installed file
  # version, not on exercising the control.
  script_set_attribute(attribute:"description", value:
"The Windows remote host contains the Download Manager ActiveX control
from Akamai, which helps users download content.

The version of this ActiveX control on the remote host reportedly
allows downloading and automatic execution of arbitrary code.  If an
attacker can trick a user on the affected host into visiting a
specially crafted web page, this method could be leveraged to execute
arbitrary code on the affected system subject to the user's
privileges.");
  # The commented URL below is presumably the long form of the shortened
  # nessus.org link that follows it - TODO confirm.
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=695
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f59bfc9");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/May/1");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2008/Apr/816");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 2.2.3.5 or later of the control.");
  # NOTE(review): this base vector rates confidentiality, integrity and
  # availability impact as Complete (C:C/I:C/A:C), whereas the CVSS2 summary
  # published alongside this plugin reads AV:N/AC:M/Au:N/C:P/I:P/A:P (6.8).
  # Confirm which rating your triage process should use.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # Temporal metrics: functional exploit (E:F), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  # Exploit availability is recorded here, including a CANVAS package, so a
  # finding from this plugin should be prioritised as a known-exploitable
  # issue rather than a theoretical one.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"D2ExploitPack");
  # CWE-94: Improper Control of Generation of Code ('Code Injection').
  script_cwe_id(94);

  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/01");

  # "local" plugin type: the check works from data read off the host (here the
  # registry and file version over SMB) rather than by probing a service -
  # presumably this means credentials are needed for it to run; verify against
  # the scan policy.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Declares that the script's behaviour depends on the "thorough tests"
  # setting; the detection loop below consults `thorough_tests` to decide
  # whether to stop after the first affected control.
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  # Information-gathering category: the script reads state and does not
  # attempt to trigger the flaw.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");

  # Prerequisites: smb_hotfixes.nasl must run first, the KB must show that the
  # registry was enumerated, and an SMB port (139 or 445) must be available.
  # If these are not met the host is not assessed, so the absence of a finding
  # is not evidence that the control is absent.
  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  # End of the metadata pass.
  exit(0);
}


include("global_settings.inc");
include("smb_func.inc");
include("smb_activex_func.inc");

# Stop quietly unless an earlier plugin recorded that the registry was
# enumerated; no finding is produced for such hosts.
if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);

# Set up the ActiveX helper library; a failure here is reported as an error
# exit rather than as "not vulnerable".
if (activex_init() != ACX_OK)
  exit(1, "ActiveX initialization failed.");

# Class IDs under which the control is looked up.
akamai_clsids = make_list(
  "{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}",
  "{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B}"
);

# Accumulates one entry per affected control; stays NULL when none is found.
info = NULL;

foreach clsid (akamai_clsids)
{
  # Skip class IDs that do not resolve to a file on the host.
  ocx_path = activex_get_filename(clsid:clsid);
  if (!ocx_path) continue;

  # Skip controls whose version cannot be read, and those for which the
  # comparison against the fixed release (DownloadManagerV2.ocx 2.2.3.5) does
  # not return TRUE.
  ocx_version = activex_get_fileversion(clsid:clsid);
  if (!ocx_version) continue;
  if (activex_check_fileversion(clsid:clsid, fix:"2.2.3.5") != TRUE) continue;

  # With Report Paranoia above 1 the kill bit is not consulted at all
  # (short-circuit); otherwise the control is only reported when its kill bit
  # reads 0, i.e. it has not been disabled for Internet Explorer.
  if (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0)
  {
    entry = '  - ' + clsid + '\n' +
            '    ' + ocx_path + ', ' + ocx_version + '\n';
    info += entry;

    # One hit is enough unless thorough tests were requested, in which case
    # every listed class ID is examined.
    if (!thorough_tests) break;
  }
}

# Release the ActiveX helper library now that the lookups are done.
activex_end();

# Raise a finding only when the scan above recorded at least one affected
# control in `info`.
if (info)
{
  if (report_verbosity > 0)
  {
    # The closing paragraph tells the reader how much weight the finding
    # carries: either the kill bit was never checked (paranoid mode), or it was
    # checked and found unset.
    if (report_paranoia > 1)
      killbit_note = string(
        "Note that Nessus did not check whether the kill bit was set for\n",
        "the control(s) because of the Report Paranoia setting in effect\n",
        "when this scan was run.\n"
      );
    else
      killbit_note = string(
        "Moreover, the kill bit was  not set for the control(s) so they\n",
        "are accessible via Internet Explorer.\n"
      );

    # Common header, the list of affected controls, then the note chosen above.
    report = string(
      "\n",
      "Nessus found the following affected control(s) installed :\n",
      "\n",
      info,
      "\n",
      killbit_note
    );
    security_hole(port:kb_smb_transport(), extra:report);
  }
  # Terse mode: flag the finding on the SMB port without any detail text.
  else security_hole(kb_smb_transport());
}
