Buffer overflow : Free Download Manager Multiple Buffer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801339

Categoría: Buffer overflow

Título: Free Download Manager Multiple Buffer Overflow Vulnerabilities

Resumen: Free Download Manager is prone to multiple buffer overflow vulnerabilities.

Descripción: Summary:
Free Download Manager is prone to multiple buffer overflow vulnerabilities.

Vulnerability Insight:
Multiple buffer overflow errors exist due to boundary errors when,

- opening folders within the 'Site Explorer'

- opening websites in the 'Site Explorer' functionality

- setting the directory on 'FTP' servers

- handling redirects and

- Sanitising the 'name' attribute of the 'file' element of
metalink files before using it to download files.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
in the context of the application or to compromise the application and the
underlying computer.

Affected Software/OS:
Free Download Manager version prior to 3.0 build 852 on Windows.

Solution:
Upgrade to version 3.0 build 852.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0998
BugTraq ID: 40146
http://www.securityfocus.com/bid/40146
Bugtraq: 20100513 Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/511282/100/0/threaded
http://secunia.com/secunia_research/2010-68/
http://osvdb.org/64671
http://osvdb.org/64672
http://osvdb.org/64673
http://osvdb.org/64674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7006
http://secunia.com/advisories/39447
XForce ISS Database: fdm-siteexplorer-bo(58626)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58626
Common Vulnerability Exposure (CVE) ID: CVE-2010-0999
BugTraq ID: 40152
http://www.securityfocus.com/bid/40152
Bugtraq: 20100513 Secunia Research: Free Download Manager metalink "name" Directory Traversal (Google Search)
http://www.securityfocus.com/archive/1/511284/100/0/threaded
http://secunia.com/secunia_research/2010-67/
http://osvdb.org/64670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7284
XForce ISS Database: fdm-name-directory-traversal(58627)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58627

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801339
Categoría:	Buffer overflow
Título:	Free Download Manager Multiple Buffer Overflow Vulnerabilities
Resumen:	Free Download Manager is prone to multiple buffer overflow vulnerabilities.
Descripción:	Summary: Free Download Manager is prone to multiple buffer overflow vulnerabilities. Vulnerability Insight: Multiple buffer overflow errors exist due to boundary errors when, - opening folders within the 'Site Explorer' - opening websites in the 'Site Explorer' functionality - setting the directory on 'FTP' servers - handling redirects and - Sanitising the 'name' attribute of the 'file' element of metalink files before using it to download files. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application or to compromise the application and the underlying computer. Affected Software/OS: Free Download Manager version prior to 3.0 build 852 on Windows. Solution: Upgrade to version 3.0 build 852. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0998 BugTraq ID: 40146 http://www.securityfocus.com/bid/40146 Bugtraq: 20100513 Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/511282/100/0/threaded http://secunia.com/secunia_research/2010-68/ http://osvdb.org/64671 http://osvdb.org/64672 http://osvdb.org/64673 http://osvdb.org/64674 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7006 http://secunia.com/advisories/39447 XForce ISS Database: fdm-siteexplorer-bo(58626) https://exchange.xforce.ibmcloud.com/vulnerabilities/58626 Common Vulnerability Exposure (CVE) ID: CVE-2010-0999 BugTraq ID: 40152 http://www.securityfocus.com/bid/40152 Bugtraq: 20100513 Secunia Research: Free Download Manager metalink "name" Directory Traversal (Google Search) http://www.securityfocus.com/archive/1/511284/100/0/threaded http://secunia.com/secunia_research/2010-67/ http://osvdb.org/64670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7284 XForce ISS Database: fdm-name-directory-traversal(58627) https://exchange.xforce.ibmcloud.com/vulnerabilities/58627
Copyright	Copyright (C) 2010 Greenbone AG