Vulnerability Description
Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Akamai Technologies | Download Manager | 2.2.0.0 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514PatchVendor Advisory
- http://secunia.com/advisories/24900
- http://www.kb.cert.org/vuls/id/120241US Government Resource
- http://www.osvdb.org/34323
- http://www.securityfocus.com/archive/1/465908/100/0/threaded
- http://www.securityfocus.com/bid/23522
- http://www.securitytracker.com/id?1017925
- http://www.vupen.com/english/advisories/2007/1415
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514PatchVendor Advisory
- http://secunia.com/advisories/24900
- http://www.kb.cert.org/vuls/id/120241US Government Resource
- http://www.osvdb.org/34323
- http://www.securityfocus.com/archive/1/465908/100/0/threaded
- http://www.securityfocus.com/bid/23522
- http://www.securitytracker.com/id?1017925
FAQ
What is CVE-2007-1891?
CVE-2007-1891 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote att...
How severe is CVE-2007-1891?
CVE-2007-1891 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1891?
Check the references section above for vendor advisories and patch information. Affected products include: Akamai Technologies Download Manager.