CVE-2007-6339

EPSS 4.83%
Published 01.05.2008 19:05:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Akamai Technologies ≫ Download Manager Version <= 2.2.0.0

Akamai Technologies ≫ Download Manager Version <= 2.2.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.83%	0.891

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695

Patch

http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html

http://secunia.com/advisories/30037

http://www.securityfocus.com/bid/28993

Patch

http://www.securitytracker.com/id?1019955

http://www.vupen.com/english/advisories/2008/1408/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42117

https://nvd.nist.gov/vuln/detail/CVE-2007-6339

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6339

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6339

EUVD