CVE-2018-25304

Free Download Manager 2.0 Build 417 Local Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-120

Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Filehippo · Free Download Manager

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44499unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://filehippo.com/download_free_download_manager/925/https://www.exploit-db.com/exploits/44499 https://www.vulncheck.com/advisories/free-download-manager-built-417-local-buffer-overflow-seh