Check Point Advisories

Preemptive Protection against Free Download Manager Remote Control Server

Check Point Reference: CPAI-2009-051
Date Published: 4 Feb 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Research
Industry Reference: CVE-2009-0183, CVE-2008-2234
Protection Provided by:
Who is Vulnerable? Free Download Manager 2.5 Build 758; Free Download Manager 3.0 Build 844
Vulnerability Description: A buffer overflow vulnerability was reported in Free Download Manager, a free download accelerator and manager. The vulnerability is caused by a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. It can be triggered by an HTTP request containing an overly long "Authorization" header. Successful exploitation allows execution of arbitrary code.
Update/Patch Available: Upgrade to Free Download Manager version 3.0 build 848:
http://www.freedownloadmanager.org/download.htm
Vulnerability Details: The vulnerability is caused by a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. A crafted HTTP request can cause a stack-based buffer overflow that may result in arbitrary code execution.

Protection Overview
