CVE-2009-0184
Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
Múltiple desbordamiento de búfer en la implementación del torrent parsing en Free Download Manager (FDM) v2.5 Build 758 y v3.0 Build 844 permite a atacantes remotos ejecutar código de su elección a través de (1) un nombre de fichero largo sin un fichero torrent, (2) una dirección de tracker URL larga en un fichero torrent, o (3) un comentario largo en un fichero torrent.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-01-20 CVE Reserved
- 2009-02-02 CVE Published
- 2009-11-11 First Exploit
- 2024-08-07 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/500605/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/33555 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0302 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/10009 | 2009-11-11 | |
| https://www.exploit-db.com/exploits/16634 | 2010-09-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33524 | 2018-10-11 | |
| http://secunia.com/secunia_research/2009-5 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Free Download Manager Search vendor "Free Download Manager" | Free Download Manager Search vendor "Free Download Manager" for product "Free Download Manager" | 2.5 Search vendor "Free Download Manager" for product "Free Download Manager" and version "2.5" | - |
Affected
| ||||||
| Free Download Manager Search vendor "Free Download Manager" | Free Download Manager Search vendor "Free Download Manager" for product "Free Download Manager" | 3.0 Search vendor "Free Download Manager" for product "Free Download Manager" and version "3.0" | - |
Affected
| ||||||