ID CVE-2009-2582 Type cve Reporter NVD Modified 2018-10-10T15:40:50
Description
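Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download. This is a different vulnerability than CVE-2007-1891 and CVE-2007-1892. The Nessus plugin recorded below notes, citing the iDefense advisory, that newer versions do not automatically remove older ones; its stated solution is to manually remove all older versions and, if desired, install version 2.2.4.8 or later.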
{"nessus": [{"lastseen": "2019-01-16T20:09:36", "bulletinFamily": "scanner", "description": "The Windows remote host contains the Download Manager ActiveX control\nfrom Akamai, which helps users download content. \n\nThe version of this ActiveX control on the remote host reportedly is\naffected by a buffer overflow vulnerability in 'manager.exe' when\nhandling Redswoosh downloads. If an attacker can trick an user on the\naffected host into visiting a specially crafted web page, he may be\nable to execute arbitrary code on the affected system subject to the\nuser's privileges.", "modified": "2018-11-15T00:00:00", "published": "2009-07-24T00:00:00", "id": "AKAMAI_DLM_ACTIVEX_2_2_4_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40363", "title": "Akamai Download Manager ActiveX Control < 2.2.4.8 Buffer Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40363);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2009-2582\");\n script_bugtraq_id(35778);\n script_xref(name:\"Secunia\", value:\"35951\");\n\n script_name(english:\"Akamai Download Manager ActiveX Control < 2.2.4.8 Buffer Overflow\");\n script_summary(english:\"Checks version of Download Manager ActiveX control\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an ActiveX control that is prone to a\nbuffer overflow attack.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The Windows remote host contains the Download Manager ActiveX control\nfrom Akamai, which helps users download content. \n\nThe version of this ActiveX control on the remote host reportedly is\naffected by a buffer overflow vulnerability in 'manager.exe' when\nhandling Redswoosh downloads. 
If an attacker can trick an user on the\naffected host into visiting a specially crafted web page, he may be\nable to execute arbitrary code on the affected system subject to the\nuser's privileges.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8641fa7c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2009/Jul/165\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"Manually remove all older versions and, if desired, install version\n2.2.4.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_activex_func.inc\");\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0);\n\n\n# Locate the file used by the control.\nif (activex_init() != ACX_OK) exit(1, \"activex_init() failed.\");\n\nclsids = make_list(\"{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\",\n \"{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}\",\n \"{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B}\");\n\ninfo = 
NULL;\nforeach clsid (clsids)\n{\n file = activex_get_filename(clsid:clsid);\n\n if (file)\n {\n # Check its version.\n ver = activex_get_fileversion(clsid:clsid);\n\n # Fixed version of DownloadManagerV2.ocx == 2.2.4.8\n if (ver && activex_check_fileversion(clsid:clsid, fix:\"2.2.4.8\") == TRUE)\n {\n if (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0)\n {\n info += ' - ' + clsid + '\\n' +\n ' ' + file + ', ' + ver + '\\n';\n\n # if (!thorough_tests) break;\n # Do not break the loop if we find a vulnerable clsid.\n # According to iDefense advisory older version are not \n # automatically removed by newer versions.\n } \n }\n }\n}\n\nactivex_end();\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = string(\n \"\\n\",\n \"Nessus found the following affected control(s) installed :\\n\",\n \"\\n\",\n info,\n \"\\n\",\n \"Note that Nessus did not check whether the kill bit was set for\\n\",\n \"the control(s) because of the Report Paranoia setting in effect\\n\",\n \"when this scan was run.\\n\"\n );\n }\n else\n {\n report = string(\n \"\\n\",\n \"Nessus found the following affected control(s) installed :\\n\",\n \"\\n\",\n info,\n \"\\n\",\n \"Moreover, the kill bit was not set for the control(s) so they\\n\",\n \"are accessible via Internet Explorer.\\n\"\n );\n }\n security_hole(port:kb_smb_transport(), extra:report);\n }\n else security_hole(kb_smb_transport());\n} \n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}