Internet Download Manager =< 4.05 universal remote overflow Exploit

vendor:

Internet Download Manager

by:

c0d3r

7.5

CVSS

HIGH

Remote Overflow

CWE

Product Name: Internet Download Manager

Affected Version From: Internet Download Manager <= 4.05

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

Internet Download Manager =< 4.05 universal remote overflow Exploit

This exploit allows an attacker to create a malicious HTML file that is linked to an evil download offer. By exploiting a bug in the Internet Download Manager, the attacker can execute arbitrary code on the victim's system. The exploit uses Structured Exception Handling (SEH) and is designed to work on all Windows 2000 and Windows XP systems. The exploit has been tested on Windows XP SP1 and Windows 2000 Server SP4. The exploit code can be compiled using MS Visual C++ 6.

Mitigation:

Upgrade Internet Download Manager to a version higher than 4.05 or use an alternative download manager.

Source

Internet Download Manager =< 4.05 universal remote overflow Exploit

Mitigation:

Exploit-DB raw data: