CVE-2014-2087

Free Download Manager <3.9.3-3.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2087. PoCs published by Julien Ahrens.

AI-analyzed exploit summary The exploit demonstrates a stack-based buffer overflow in Free Download Manager via a crafted HTTP 301 redirect response. The PoC sends an overly long 'Location' header to trigger the vulnerability in the `CDownloads_Deleted::UpdateDownload` function, leading to potential remote code execution.

Description

Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Julien Ahrens · textdoswindows

https://www.exploit-db.com/exploits/32332

View Code ZIP pw:eip

The exploit demonstrates a stack-based buffer overflow in Free Download Manager via a crafted HTTP 301 redirect response. The PoC sends an overly long 'Location' header to trigger the vulnerability in the `CDownloads_Deleted::UpdateDownload` function, leading to potential remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Free Download Manager v3.9.3 build 1360 and earlier

No auth needed

Prerequisites: Network access to the target · Target application must process a malicious HTTP 301 redirect

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66211

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/531465/100/0/threaded

Exploit x_refsource_misc

https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Mar/137

Scores

EPSS 0.1673

EPSS Percentile 96.6%

Details

CWE

CWE-119

Status published

Products (2)

freedownloadmanager/free_download_manager 3.8

freedownloadmanager/free_download_manager 3.9.3

Published Mar 18, 2014

Tracked Since Feb 18, 2026