CVE-2017-17849

CRITICAL

GetGo Download Manager < 5.3.0.2712 - Remote Code Execution via Long HTTP Response

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-17849. PoCs published by Nathu Nandwani, Aloyce J. Makalanga.

AI-analyzed exploit summary This exploit triggers a buffer overflow in GetGo Download Manager 6.2.1.3200 by sending a crafted payload via a socket server, leading to a denial of service (DoS). The payload consists of a large string of 'A's followed by specific patterns to corrupt the SEH chain.

Description

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.

Exploits (2)

exploitdb WORKING POC

by Nathu Nandwani · pythondoswindows

https://www.exploit-db.com/exploits/45087

View Code ZIP pw:eip

This exploit triggers a buffer overflow in GetGo Download Manager 6.2.1.3200 by sending a crafted payload via a socket server, leading to a denial of service (DoS). The payload consists of a large string of 'A's followed by specific patterns to corrupt the SEH chain.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GetGo Download Manager 6.2.1.3200

No auth needed

Prerequisites: GetGo Download Manager 6.2.1.3200 installed on the target machine · Network access to the target machine

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Aloyce J. Makalanga · pythondoswindows

https://www.exploit-db.com/exploits/43391

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 via a crafted HTTP response header. It sends a payload with a hardcoded EIP to trigger arbitrary code execution on the target system.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GetGo Download Manager 5.3.0.2712 and earlier

No auth needed

Prerequisites: Network access to the target system · Target system running GetGo Download Manager 5.3.0.2712 or earlier

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45087/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/145530/GetGo-Download-Manager-5.3.0.2712-Buffer-Overflow.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43391/

Scores

CVSS v3 9.8

EPSS 0.1902

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

getgosoft/getgo_download_manager < 5.3.0.2712

Published Dec 27, 2017

Tracked Since Feb 18, 2026