Zero-Day Advisory

Fortinet Discovers Akamai Download Manager Arbitrary File Download Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered an arbitrary file download vulnerability in Akamai Download Manager.

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

Akamai.Download.Manager.ActiveX.Insecure.Parameter.Used
Released Apr 22, 2008
Users should use the solution provided by Akamai.

Additional Information

The vulnerability exists in the Akamai Download Manager ActiveX control when it parses a parameter passed to it. A remote attacker could craft a malicious Web page that exploits the control, causing a file to be downloaded to an arbitrary location on the user's system as soon as the user visits the site. An attacker who successfully exploits this vulnerability can then run arbitrary code on the user's system. For example, a malicious file could be downloaded to a user's "startup" folder, from which it would execute on system boot-up. The arbitrary location must be a valid path, or the file will not download. When a valid path is used, the file is downloaded in a "drive-by" manner with no user interaction required.
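To make the weakness described above concrete, the following is an added example and not Akamai's or Fortinet's code; the control's actual parameter name and API are not given in this advisory, and the download directory below is a constructed placeholder. It contrasts a download routine that trusts a caller-supplied save path with one that confines every download to a fixed directory, using Python's ntpath module so Windows path rules apply on any platform.

```python
import ntpath
from typing import Optional

# Constructed example root; the real control's download directory is not named in the advisory.
DOWNLOAD_ROOT = r"C:\Users\alice\Downloads"


def insecure_target(requested_path: str) -> str:
    """Vulnerable pattern: the web page's parameter is used as the save location as-is.

    Any valid path on the system, not just the downloads folder, becomes a write target.
    """
    return ntpath.normpath(requested_path)


def secure_target(requested_name: str, root: str = DOWNLOAD_ROOT) -> Optional[str]:
    """Hardened pattern: accept only a bare file name and always write beneath root.

    Returns the absolute save path, or None when the request must be refused.
    """
    # A bare file name has no directory part: this single comparison rejects '..\\',
    # absolute paths, forward or back slashes and UNC prefixes alike.
    if not requested_name or requested_name != ntpath.basename(requested_name):
        return None
    # Dot entries and colons (drive letters, NTFS alternate data streams) are never file names here.
    if requested_name in (".", "..") or ":" in requested_name:
        return None
    candidate = ntpath.normpath(ntpath.join(root, requested_name))
    # Defence in depth: the normalised result must still live under root.
    if ntpath.commonpath([ntpath.normpath(root), candidate]) != ntpath.normpath(root):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample parameters as a hostile page might supply them.
    for request in ("report.pdf", r"..\..\other\evil.exe", r"C:\Windows\evil.exe", "x.exe:hidden"):
        print(f"{request!r:28} insecure={insecure_target(request)!r} secure={secure_target(request)!r}")
```

The insecure routine happily returns any valid path, which is exactly the "file downloaded to an arbitrary location" condition; the hardened routine only ever yields a path inside the configured downloads directory.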

Acknowledgement

Haifei Li of Fortinet's FortiGuard Global Security Research Team

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.