Akamai Download Manager is an integral component of Akamai’s global distribution service. It is used to deliver large files quickly and reliably to users around the world. It has been used by vendors such as Symantec and Microsoft to provide downloads to the public.
Akamai provides both an ActiveX and a Java-based Download Manager. Once a user has used the ActiveX control, it remains installed on the user’s computer until manually removed. For more information, please visit the following web sites.
Remote exploitation of a design error in Akamai Technologies, Inc.’s Download Manager allows attackers to execute arbitrary code in the context of the current user.
The ActiveX control version has the following identifiers:
Class: DownloadManager Control
File: C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
The Java version has the following identifiers:
This problem exists specifically because of two undocumented object parameters. By using these parameters, it is possible to cause Download Manager to automatically download and execute arbitrary binaries from attacker-controlled locations.