{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/free-download-manager-2.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25304"}],"_cs_exploited":false,"_cs_products":["Free Download Manager 2.0"],"_cs_severities":["critical"],"_cs_tags":["buffer-overflow","seh-overwrite","code-execution","cve-2018-25304"],"_cs_type":"advisory","_cs_vendors":["Free Download Manager"],"content_html":"\u003cp\u003eFree Download Manager (FDM) version 2.0 Built 417 is susceptible to a local buffer overflow vulnerability (CVE-2018-25304) within its URL import functionality. This vulnerability, discovered and reported by VulnCheck, allows an attacker to craft a malicious URL file. When a user imports this specially crafted file through the \u0026ldquo;File \u0026gt; Import \u0026gt; Import lists of downloads\u0026rdquo; menu, the application attempts to process the \u0026lsquo;Location\u0026rsquo; header response, triggering a buffer overflow. This overflow overwrites the Structured Exception Handler (SEH) chain, enabling the attacker to execute arbitrary code within the context of the FDM process. This vulnerability can be exploited locally by tricking a user into importing a malicious file.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious \u003ccode\u003e.url\u003c/code\u003e file containing an overly long \u003ccode\u003eLocation\u003c/code\u003e header value designed to cause a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe victim is convinced to download the malicious \u003ccode\u003e.url\u003c/code\u003e file (e.g., through social engineering).\u003c/li\u003e\n\u003cli\u003eThe victim opens Free Download Manager 2.0 Built 417.\u003c/li\u003e\n\u003cli\u003eThe victim navigates to \u0026ldquo;File \u0026gt; Import \u0026gt; Import lists of downloads\u0026rdquo; within FDM.\u003c/li\u003e\n\u003cli\u003eThe victim selects the downloaded malicious \u003ccode\u003e.url\u003c/code\u003e file and initiates the import process.\u003c/li\u003e\n\u003cli\u003eFDM parses the malicious \u003ccode\u003e.url\u003c/code\u003e file and attempts to process the long \u003ccode\u003eLocation\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eThe excessively long \u003ccode\u003eLocation\u003c/code\u003e header causes a buffer overflow, overwriting the SEH chain.\u003c/li\u003e\n\u003cli\u003eWhen an exception is triggered (due to the overflow), the overwritten SEH chain is used to redirect execution to attacker-controlled code, resulting in arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this buffer overflow vulnerability allows an attacker to execute arbitrary code on the victim\u0026rsquo;s system with the privileges of the Free Download Manager process. This could lead to complete system compromise, data theft, or installation of malware. While specific victim counts are unavailable, the vulnerability poses a significant risk to users of Free Download Manager 2.0 Built 417.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for process creation events originating from Free Download Manager after importing a \u003ccode\u003e.url\u003c/code\u003e file to detect potential exploitation attempts (see Sigma rule \u0026ldquo;Detect Free Download Manager Suspicious Process Creation After Import\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring (FIM) on the Free Download Manager executable directory to detect unauthorized modifications potentially related to exploitation.\u003c/li\u003e\n\u003cli\u003eConsider using application control solutions to restrict the execution of unsigned or untrusted code within the Free Download Manager process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T20:16:25Z","date_published":"2026-04-29T20:16:25Z","id":"/briefs/2026-04-fdm-buffer-overflow/","summary":"Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation, leading to arbitrary code execution.","title":"Free Download Manager 2.0 Built 417 Local Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-fdm-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Free Download Manager 2.0","version":"https://jsonfeed.org/version/1.1"}