Free Download Manager Remote Control Server HTTP Authorization buffer overflow

Added: 02/04/2009
CVE: CVE-2009-0183
BID: 33554
OSVDB: 51745

Background

Free Download Manager is a download accelerator and manager for Windows systems.

Problem

A buffer overflow vulnerability in the Free Download Manager Remote Control Server allows remote attackers to execute arbitrary commands by sending an HTTP request with a long, specially crafted Authorization header.

Resolution

Upgrade to version 3.0 build 848 or higher.
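For hosts that are still awaiting the upgrade, the following added example (not part of the original advisory or of any vendor code) shows how a monitoring script can flag the condition described under Problem: an abnormally long or malformed Authorization header in a request to the Remote Control Server. The 256-byte threshold, the function names and the sample requests are assumptions constructed for illustration; the advisory does not state the size of the vulnerable buffer.

```python
import base64
import binascii

# Assumed alert threshold in bytes; the advisory does not give the size of the
# vulnerable buffer, so tune this to the longest legitimate header you see.
MAX_AUTH_VALUE_LEN = 256

def authorization_values(raw_request: bytes) -> list:
    """Return all Authorization header values from a raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    unfolded = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t") and unfolded:
            unfolded[-1] += b" " + line.strip()  # join obsolete folded lines
        else:
            unfolded.append(line)
    values = []
    for line in unfolded:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"authorization":
            values.append(value.strip())
    return values

def check_request(raw_request: bytes, limit: int = MAX_AUTH_VALUE_LEN) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    values = authorization_values(raw_request)
    if len(values) > 1:
        findings.append("multiple Authorization headers")
    for value in values:
        if len(value) > limit:
            findings.append(f"oversized Authorization value ({len(value)} bytes)")
        scheme, _, creds = value.partition(b" ")
        if scheme.lower() == b"basic":
            try:
                base64.b64decode(creds.strip(), validate=True)
            except (binascii.Error, ValueError):
                findings.append("Basic credentials are not valid base64")
    return findings

# Constructed sample requests (not captured traffic).
BENIGN = b"GET / HTTP/1.1\r\nHost: fdm.example\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n"
OVERSIZED = (b"GET / HTTP/1.1\r\nHost: fdm.example\r\n"
             b"authorization: Basic\r\n " + b"A" * 1000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, check_request(req) or "ok")
```

The header name is matched case-insensitively and folded continuation lines are joined before measuring, so a value split across lines is still counted at its full length.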

References

http://secunia.com/secunia_research/2009-3/

Limitations

Exploit works on Free Download Manager 3.0 Build 843.

On Windows Server 2003 targets, patch 933729 must be installed in order for the exploit to succeed.

Platforms

Windows 2000
Windows Server 2003
