Internet Download Manager Buffer Overflow Vulnerability in Scheduler Component Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Scheduler component of Internet Download Manager (IDM) version 6.38.12. A local attacker can crash the application by entering more than 5000 bytes of data into the 'Open the following file when done' field. The oversized input leaves the application unresponsive, resulting in a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash and become unresponsive.

Reproduction

To reproduce this vulnerability, first create a text file named 'IDMan_Crash.txt' containing malicious data that exceeds 5000 bytes. This can be done using a simple script that writes the oversized input into the file. After creating the file, open Internet Download Manager and navigate to the Scheduler feature. Check the option to 'Open the following file when done' and paste the contents of the 'IDMan_Crash.txt' file into the input field. Once 'Apply' is clicked, the application will crash, demonstrating the buffer overflow vulnerability.
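The defensive counterpart to the oversized-field input described above, as an added example: it is not IDM's code, whose internals this page does not show. The function name, status codes and the 260-byte limit (the Windows MAX_PATH value) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit (Windows MAX_PATH); far below the 5000 bytes in the advisory. */
#define OPEN_FILE_MAX 260

enum field_status { FIELD_OK = 0, FIELD_EMPTY, FIELD_TOO_LONG, FIELD_BAD_ARG };

/* Hypothetical handler for the text of an "open this file when done" field.
 * input need not be NUL-terminated; input_len is the byte count reported by
 * the UI. The unsafe pattern this replaces is an unchecked copy such as
 * strcpy(dst, input) into a fixed-size buffer. */
enum field_status store_open_file_path(const char *input, size_t input_len,
                                       char *dst, size_t dst_size)
{
    if (input == NULL || dst == NULL || dst_size == 0)
        return FIELD_BAD_ARG;
    dst[0] = '\0';                      /* dst is always a valid empty string on failure */
    if (input_len == 0)
        return FIELD_EMPTY;
    /* Reject instead of truncating: a truncated path could name a different
     * file than the one the user typed. One byte is reserved for the NUL. */
    if (input_len >= dst_size || input_len >= OPEN_FILE_MAX)
        return FIELD_TOO_LONG;
    /* An embedded NUL would make the stored path shorter than the validated one. */
    if (memchr(input, '\0', input_len) != NULL)
        return FIELD_BAD_ARG;
    memcpy(dst, input, input_len);
    dst[input_len] = '\0';
    return FIELD_OK;
}

int main(void)
{
    char dst[OPEN_FILE_MAX];
    char oversized[5001];               /* constructed input just past the 5000-byte mark */
    const char *normal = "C:\\Downloads\\report.pdf";   /* constructed sample path */

    memset(oversized, 'A', sizeof oversized);
    printf("oversized -> %d\n",
           store_open_file_path(oversized, sizeof oversized, dst, sizeof dst));
    printf("normal    -> %d (%s)\n",
           store_open_file_path(normal, strlen(normal), dst, sizeof dst), dst);
    return 0;
}
```

The same length check belongs at the UI layer as well, for example by capping the edit control's accepted text length, so that the oversized value is refused before it reaches any copy.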

Added: May 16, 2026, 4:36 PM
Updated: May 16, 2026, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 8.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.