Vulnerability CVE-2007-1891


Published: 2007-04-17   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Akamai technologies -> Download manager 

 References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514
http://www.kb.cert.org/vuls/id/120241
http://www.securityfocus.com/archive/1/465908/100/0/threaded
http://www.securityfocus.com/bid/23522
http://www.securitytracker.com/id?1017925
http://www.vupen.com/english/advisories/2007/1415

Copyright 2024, cxsecurity.com

 

Back to Top