CVE-2008-1770

Akamai Download Manager <2.2.3.6 - CRLF Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1770. PoCs published by cocoruder.

AI-analyzed exploit summary This exploit leverages a vulnerability in Akamai Download Manager ActiveX control to download and execute a file from a remote server to an arbitrary location on the victim's system. The PoC specifically targets CVE-2008-1770 by manipulating the 'target' parameter to place the file in the Startup folder.

Description

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cocoruder · htmlremotewindows

https://www.exploit-db.com/exploits/5741

View Code ZIP pw:eip

This exploit leverages a vulnerability in Akamai Download Manager ActiveX control to download and execute a file from a remote server to an arbitrary location on the victim's system. The PoC specifically targets CVE-2008-1770 by manipulating the 'target' parameter to place the file in the Startup folder.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Akamai Download Manager v2.2.3 (ActiveX control)

No auth needed

Prerequisites: Victim must be using Internet Explorer with ActiveX enabled · Victim must visit the malicious webpage

MITRE ATT&CK