Description
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Julien Ahrens · textdoswindows
https://www.exploit-db.com/exploits/32332
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66211
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531465/100/0/threaded
Exploit x_refsource_misc
https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/137
Scores
EPSS
0.3683
EPSS Percentile
97.2%
Details
CWE
CWE-119
Status
published
Products (2)
freedownloadmanager/free_download_manager
3.8
freedownloadmanager/free_download_manager
3.9.3
Published
Mar 18, 2014
Tracked Since
Feb 18, 2026