Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

FortiGuard offers protection against ActiveX vulnerability

Fortinet : 11 June, 2008  (New Product)
Fortinet Intrusion Prevention System foils parameter injection attempt, protecting users from malicious code on web sites
Fortinet has announced that its FortiGuard Global Security Research Team has discovered a parameter injection vulnerability in the Akamai Download Manager. The vulnerability, which is protected by Fortinet's intrusion prevention system (IPS), allows a remote file to be transferred to an arbitrary location on an end user's system through Akamai's ActiveX control. An attacker who successfully penetrates this vulnerability can then run arbitrary code on the user's system and potentially exploit it for financial gain.

"Cyber criminals are becoming ever more sophisticated in the methods they use for obtaining personal information for malicious intent," said Derek Manky, security researcher for Fortinet. "Exploits have the potential to be especially harmful, as when executed correctly, a malicious file could be downloaded in a 'drive-by' nature without user interaction."

Customers who subscribe to Fortinet's IPS service are already protected against this parameter injection attack. Users are encouraged to follow the solution provided by Akamai. The FortiGuard Global Security Research Team released a signature on the FortiGuard Centre on April 23rd, 2008, which covers this specific vulnerability.

Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam. These services enable protection against threats on both application and network layers. FortiGuard Services are regularly updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo