Skip to content
CVSS 8.4 · HIGH

CVE-2018-25304

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

View on NVD

Analysis

This vulnerability affects an extremely old version (2.0) of Free Download Manager and requires a user to manually import a malicious file to trigger the exploit. It does not impact modern development workflows or the common stack used by the community.

Severity

Score: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 3.4%
EPSS: 2026-05-06

Technical description

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

Published: 4/29/2026, 8:16:25 PM
Last modified: 4/30/2026, 3:44:48 PM

References

HomeEventsBlogResourcesTeam