CVE-2007-6339

EPSS 4.83%
Veröffentlicht 01.05.2008 19:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Akamai Technologies ≫ Download Manager Version <= 2.2.0.0

Akamai Technologies ≫ Download Manager Version <= 2.2.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.83%	0.891

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695

Patch

http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html

http://secunia.com/advisories/30037

http://www.securityfocus.com/bid/28993

Patch

http://www.securitytracker.com/id?1019955

http://www.vupen.com/english/advisories/2008/1408/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42117

https://nvd.nist.gov/vuln/detail/CVE-2007-6339

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6339

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6339

EUVD