PT-2014-4475 · Free Download Manager Team · Free Download Manager

Julien Ahrens · Published 2014-03-18 · Updated 2018-10-09 · CVE-2014-2087

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier

Description
The issue is a stack-based buffer overflow in the CDownloadsDeleted::UpdateDownload function. It allows remote attackers to execute arbitrary code via a long file name that the user subsequently deletes from the download queue.

Recommendations
For Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier, avoid placing long file names in the download queue until a fix is available. As a temporary workaround, restrict the ability to delete files from the download queue to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Related Identifiers

CVE-2014-2087

Affected Products

Free Download Manager