News
Contributed by: Eglė
Date: June 12, 2009
By exploiting multiple buffer overflow vulnerabilities in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844, malicious people are able to execute arbitrary code. The types of vulnerabilities involved are reviewed in the following paragraphs of this article.

Do you know exactly what Free Download Manager (FDM) is? It is a powerful, easy-to-use graphical download accelerator and manager for the Microsoft Windows operating system. Moreover, FDM is 100% safe, absolutely free open-source software distributed under the GPL license. FDM was previously proprietary software, but with the release of version 2.5 it is now free software. One of the files related to Free Download Manager is fdm.exe.

Multiple vulnerabilities in Free Download Manager might be exploited by remote attackers to compromise a user's system. All these vulnerabilities are specified below:

1) A boundary error in the parsing of file names inside torrent files could be exploited to cause a heap-based buffer overflow, for instance by tricking a user into opening a manipulated torrent file. The vulnerability is confirmed in version 3.0 Build 844. Other versions might also be affected.

2) Two boundary errors while parsing names from torrent files could be exploited to cause stack-based buffer overflows, for instance by tricking a user into opening a manipulated torrent file. The vulnerabilities are confirmed in versions 2.5 Build 758 and 3.0 Build 844. Other versions might also be affected.

3) A boundary error in the Remote Control Server while processing "Authorization" headers in HTTP requests could be exploited to cause a stack-based buffer overflow through an HTTP request that includes an overly long "Authorization" header. The vulnerability is confirmed in versions 2.5 Build 758 and 3.0 Build 844. Other versions might also be affected.

It is important for users to know that the vendor mentioned that the remote control service could be used to connect remotely to the system over the Internet. Still, since basic authorization is used to transmit credentials, users should be aware that anyone able to intercept the traffic is able to obtain the username and password.

4) A boundary error while parsing tracker URLs from torrent files could be exploited to result in a stack-based

5) A boundary error while parsing comments from torrent files could be exploited to cause a stack-based buffer overflow, for instance by tricking a user into opening a malicious torrent file. The vulnerability is confirmed in version 3.0 Build 844. Other versions might also be affected.

Has your system been affected by these particular vulnerabilities? If so, you can now solve this security issue by upgrading your installations to the latest version of the software program. Great news, isn't it? We strongly encourage you to update to version 3.0 build 848. After updating your installations, you will be able to safely use the wonderful Free Download Manager.
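Four of the issues above concern string fields read from torrent files (file names, names, tracker URLs and comments). As an added example that is not part of the original article or of FDM's code, the script below decodes a torrent's bencoded metadata with its own length checks and reports any of those fields that exceed a size threshold. The 1024-byte threshold, the mapping of the advisory's fields to the standard metainfo keys `announce`, `comment`, `info.name` and `info.files[].path`, and the sample torrent are assumptions made for illustration.

```python
MAX_FIELD_LEN = 1024  # assumed screening threshold; the advisory gives no buffer sizes

def bdecode(data, i=0, depth=0):
    """Decode one bencoded value starting at data[i]; return (value, next_index)."""
    if depth > 64 or i >= len(data):
        raise ValueError("nesting too deep or truncated input")
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary, closed by "e"
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i, depth + 1)
            items.append(item)
        if c == b"l":
            return items, i + 1
        keys, values = items[0::2], items[1::2]
        if len(keys) != len(values) or not all(isinstance(k, bytes) for k in keys):
            raise ValueError("malformed dictionary")
        return dict(zip(keys, values)), i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        colon = data.index(b":", i)
        start, n = colon + 1, int(data[i:colon])
        if start + n > len(data):                  # declared length must fit the input
            raise ValueError("string length exceeds input size")
        return data[start:start + n], start + n
    raise ValueError("unexpected byte at offset %d" % i)

def oversized_fields(torrent_bytes, limit=MAX_FIELD_LEN):
    """Return [(field, length)] for name, comment and tracker strings over limit."""
    meta, _ = bdecode(torrent_bytes)
    if not isinstance(meta, dict):
        raise ValueError("top-level value is not a dictionary")
    info = meta.get(b"info")
    info = info if isinstance(info, dict) else {}
    found = [("announce", meta.get(b"announce")), ("comment", meta.get(b"comment")),
             ("info.name", info.get(b"name"))]
    files = info.get(b"files")
    for entry in files if isinstance(files, list) else []:
        path = entry.get(b"path") if isinstance(entry, dict) else None
        found += [("info.files.path", p) for p in (path if isinstance(path, list) else [])]
    return [(f, len(v)) for f, v in found if isinstance(v, bytes) and len(v) > limit]

def bstr(s):                                       # bencode one byte string
    return str(len(s)).encode() + b":" + s

# Constructed sample: a torrent whose comment is 5000 bytes long.
SAMPLE = (b"d" + bstr(b"announce") + bstr(b"http://tracker.example/announce")
          + bstr(b"comment") + bstr(b"A" * 5000)
          + bstr(b"info") + b"d" + bstr(b"length") + b"i10e"
          + bstr(b"name") + bstr(b"file.bin") + b"ee")

if __name__ == "__main__":
    print(oversized_fields(SAMPLE))
```

A torrent that fails to decode raises `ValueError` and should be treated as suspect rather than opened.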