CVE-2014-2206

GetGo Download Manager <4.9.0.1982 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Julien Ahrens · pythonremotewindows

https://www.exploit-db.com/exploits/32132

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Julien Ahrens, Gabor Seljan, bzyo, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/getgodm_http_response_bof.rb

View Code ZIP pw:eip

References (3)

[Exploit] http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution

[Exploit] http://www.securityfocus.com/bid/65913

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/531326/100/0/threaded

Scores

EPSS 0.7664

EPSS Percentile 98.9%

Classification

CWE

CWE-119

Status draft

Affected Products (3)

getgosoft/getgo_download_manager < 4.4.5.502

getgosoft/getgo_download_manager

Timeline

Published Mar 05, 2014

Tracked Since Feb 18, 2026