Vulnerability Description
Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://filehippo.com/download_free_download_manager/925/
- https://www.exploit-db.com/exploits/44499
- https://www.vulncheck.com/advisories/free-download-manager-built-417-local-buffe
FAQ
What is CVE-2018-25304?
CVE-2018-25304 is a vulnerability with a CVSS score of 8.4 (HIGH). Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitat...
How severe is CVE-2018-25304?
CVE-2018-25304 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25304?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.