Free Download Manager Metalink File Directory Traversal Vulnerability
BID:40152
Info
Free Download Manager Metalink File Directory Traversal Vulnerability
| Bugtraq ID: | 40152 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-0999 |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2010 12:00AM |
| Updated: | Mar 19 2015 08:12AM |
| Credit: | Stefan Cornelius, Secunia Research |
| Vulnerable: |
Free Download Manager Free Download Manager 3.0.Build 850 Free Download Manager Free Download Manager 3.0.Build 848 Free Download Manager Free Download Manager 3.0.Build 844 Free Download Manager Free Download Manager 2.5 Build 758 |
| Not Vulnerable: |
Free Download Manager Free Download Manager 3.0.Build 852 |
Discussion
Free Download Manager Metalink File Directory Traversal Vulnerability
Free Download Manager is prone to a security vulnerability because the application fails to properly sanitize user-supplied input from metalink files.
This issue can allow attackers to perform attacks such as social engineering to trick users into downloading a malicious file to locations outside of the intended download path. This may lead to further attacks.
Versions prior to Free Download Manager 3.0 build 852 are vulnerable.
Free Download Manager is prone to a security vulnerability because the application fails to properly sanitize user-supplied input from metalink files.
This issue can allow attackers to perform attacks such as social engineering to trick users into downloading a malicious file to locations outside of the intended download path. This may lead to further attacks.
Versions prior to Free Download Manager 3.0 build 852 are vulnerable.
Exploit / POC
Free Download Manager Metalink File Directory Traversal Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Free Download Manager Metalink File Directory Traversal Vulnerability
Solution:
Reportedly, the vendor released updates to address these issues, but Symantec has not confirmed this information. Please see the references and contact the vendor for more information.
Solution:
Reportedly, the vendor released updates to address these issues, but Symantec has not confirmed this information. Please see the references and contact the vendor for more information.
References
Free Download Manager Metalink File Directory Traversal Vulnerability
References:
References:
- Free Download Manager Homepage (Free Download Manager)
- Free Download Manager metalink "name" Directory Traversal (Secunia Research)
- Secunia Research: Free Download Manager metalink "name" Directory Traversal (Secunia Research
)