Skip to content
CVSS 8.4 · HIGH

CVE-2018-25304

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

Ver en NVD

Análisis

This vulnerability affects an extremely old version (2.0) of Free Download Manager and requires a user to manually import a malicious file to trigger the exploit. It does not impact modern development workflows or the common stack used by the community.

Severidad

Puntaje: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 3.4%
EPSS: 2026-05-06

Descripción técnica

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

Publicada: 29/4/2026, 20:16:25
Última modificación: 30/4/2026, 15:44:48

Referencias

InicioEventosBlogRecursosEquipo