PT-2021-10832 · Tonec · Internet Download Manager
Benjamin Kunz Mejri · Published 2021-10-22 · Updated 2022-10-26 · CVE-2020-23060
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Internet Download Manager version 6.37.11.1
Description
A stack buffer overflow in the Export/Import function allows attackers to escalate local process privileges via a crafted ef2 file.
Recommendations
For Internet Download Manager version 6.37.11.1, consider disabling the Export/Import function as a temporary workaround until a patch is available. Restrict access to the ef2 file type to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Affected Products
Internet Download Manager