Vulnerabilities

Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 torrent parsing... (PC1-2009-0387)

Vulnerability chart	Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 1 vulnerability found since 3 February, 2009. The software is defined as an effective, simple-to-use and free download... more 1 files found: fdm.exe... more Multiple buffer overflow vulnerabilities were found in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844.
Remote Access Yes, patch is available Patch is easy to implement

Description:	By using multiple buffer overflow vulnerabilities in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844, remote attackers are enabled to execute arbitrary code in the three ways listed below: (1) through a long file name within a torrent file; (2) through a long tracker URL in a torrent file; (3) through a long comment in a torrent file.
Impact:	This type of vulnerability gives administrator access. Also, it permits complete confidentiality, integrity, and availability violation. Moreover, it enables unauthorized revelation of information and interruption of service.
Solution:	We recommend users to upgrade to the latest version of the software product.
References:	http://www.frsirt.com/english/advisories/2009/0302 http://www.securityfocus.com/bid/33555 http://www.securityfocus.com/archive/1/archive/1/500605/100/0/threaded http://secunia.com/secunia_research/2009-5/ http://secunia.com/advisories/33524

CVSS Severity		CVSS Version 2 Metrics:
CVSS v2 Base Score:	9.3 (HIGH)	Access Vector:	N/A
Impact Subscore:	10.0	Access Complexity:	Medium
Exploitability Subscore:	8.6	Authentication:	Not required to exploit
		Impact Type:	Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service