Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2014-2087
Last Modified 13 Aug 2015 02:04:49
Published 18 Mar 2014 01:04:17
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2087

Summary

Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.

Vulnerable Systems

Application

  • Freedownloadmanager Free Download Manager 3.8

  • Freedownloadmanager Free Download Manager 3.9.3


References

MISC - https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution

BID - 66211

BUGTRAQ - 20140313 [CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution


Last Updated: 27 May 2016 11:08:46