CVE-2009-0183

Free Download Manager <3.0.844 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-0183. PoCs published by Metasploit, Praveen Darshanam, MC, including Metasploit module exploits/windows/http/fdm_auth_header.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Free Download Manager Remote Control 2.5 Build 758 via a maliciously crafted Authorization header. It leverages a base64-encoded payload to achieve remote code execution.

Description

Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16777

This exploit targets a stack buffer overflow in Free Download Manager Remote Control 2.5 Build 758 via a maliciously crafted Authorization header. It leverages a base64-encoded payload to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free Download Manager Remote Control 2.5 Build 758
No auth needed
Prerequisites: Network access to the target service · Target service running Free Download Manager Remote Control 2.5 Build 758
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Praveen Darshanam · perldoswindows
https://www.exploit-db.com/exploits/7986

This exploit targets a stack-based buffer overflow in Free Download Manager's Remote Control Server via a long Authorization header in an HTTP request. It sends a maliciously crafted HTTP GET request with an oversized Authorization header to trigger the vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Free Download Manager 2.5 Build 758 and 3.0 Build 844
No auth needed
Prerequisites: Network access to the target's Remote Control Server on port 80
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/fdm_auth_header.rb

This Metasploit module exploits a stack buffer overflow in Free Download Manager Remote Control 2.5 Build 758 via a maliciously crafted Authorization header. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free Download Manager Remote Control 2.5 Build 758
No auth needed
Prerequisites: Network access to the target server · Target service running Free Download Manager Remote Control 2.5 Build 758
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33554
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500604/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7986
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-3/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33524
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51745
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0302

Scores

EPSS 0.6653
EPSS Percentile 99.2%

Details

CWE
CWE-119
Status published
Products (2)
free_download_manager/free_download_manager 2.5
free_download_manager/free_download_manager 3.0
Published Feb 03, 2009
Tracked Since Feb 18, 2026