CRLF Injection Vulnerability in Akamai Download Manager ActiveX Control
CVE-2008-1770

Currently unrated

Key Information:

Vendor: Akamai
Status: Download Manager
Vendor: CVE Published:; 4 June 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 13%

What is CVE-2008-1770?

A vulnerability exists in the Akamai Download Manager ActiveX control that allows remote attackers to craft a URL containing an encoded line feed (LF). If successfully exploited, this can lead to the download and execution of arbitrary files, posing significant security risks for users. Versions prior to 2.2.3.6 are particularly vulnerable, emphasizing the need for timely updates and security practices.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-1770 - Proof of Concept

References

https://www.exploit-db.com/exploits/5741

exploitx_refsource_EXPLOIT-DB

http://www.securitytracker.com/id?1020194

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/493077/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 4, 2008
👾
Exploit known to exist
Jun 4, 2008
Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Apr 12, 2008

CVE-2008-1770 Data

JSON