Free Download Manager Buffer Overflow Vulnerability Allowing Code Execution

Vulnerability

A local buffer overflow vulnerability has been identified in Free Download Manager version 2.0 Built 417. The flaw is in the URL import feature and lets an attacker overwrite the structured exception handler (SEH) chain. It is triggered when a crafted URL file is imported through the application's download menu: the file causes a buffer overflow in the Location header response, which overwrites the SEH chain and allows arbitrary code execution.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing attackers to execute arbitrary code on the affected system.

Reproduction

To reproduce this vulnerability, import a URL file that includes a specific payload into Free Download Manager 2.0 Built 417. The payload should be crafted to exploit the buffer overflow in the Location header response, overwriting the SEH chain and executing arbitrary code.

Added: Apr 29, 2026, 8:31 PM
Updated: Apr 29, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 7.5
exploitability: 5.0
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.