CVE-2009-0183
Published 2009-02-03
Priority P2 · 75 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 66.53% (99.2th percentile)
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| free_download_manager | free_download_manager | — | — |
| free_download_manager | free_download_manager | — | — |
Detection & IOCs (extracted from sources)
bytes: \x81\xc4\xff\xef\xff\xff\x44
- Detect exploitation attempts by inspecting HTTP requests for an oversized Authorization header (>1012 bytes) sent to the FDM Remote Control Server (default port 80). The header value will be Base64-encoded and abnormally long.
- Fingerprint the FDM Remote Control Server by matching the HTTP banner/body against the pattern 'FDM Remote control server' or 'Free Download Manager' (case-insensitive) to identify exposed targets.
- The PoC sends a buffer of 3000 'D' characters in the Authorization header. Look for HTTP requests containing Authorization headers with long repeated-character sequences (e.g., 'DDDD...') as a crash/DoS indicator.
- The Metasploit module prepends a stack-adjustment stub (\x81\xc4\xff\xef\xff\xff\x44) before the payload encoder. Scan Authorization header content decoded from Base64 for this byte sequence.
- The exploit targets the extra URL path /compdlds.req on the FDM Remote Control Server. Monitor for HTTP requests to this path as a sign of reconnaissance or exploitation.
- The Metasploit module hard-codes a single return address target (0x0040ae0f in fdmwi.exe) valid only for FDM 2.5 Build 758; the PoC also covers FDM 3.0 Build 844 but no separate RET address is provided for that build.
- The payload bad characters exclude \x0d and \x0a (CR/LF), which are HTTP header delimiters; any shellcode used must avoid these bytes.
- The exploit payload space is limited to 600 bytes; shellcode exceeding this size will not fit within the overflow buffer.
- EXITFUNC is set to 'thread', meaning the exploit terminates only the handler thread rather than the whole process, which affects post-exploitation stability assumptions.
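The request-level indicators listed above can be combined into one check over a raw HTTP request. This is an added example, not code from the page's sources; the function name `inspect_request`, the 64-byte repeated-run cut-off, and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
import re

MAX_AUTH_LEN = 1012                              # threshold quoted on this page
STUB = b"\x81\xc4\xff\xef\xff\xff\x44"           # stack-adjustment bytes quoted on this page
REPEAT_RUN = re.compile(rb"(.)\1{63,}", re.S)    # 64+ identical bytes (assumed cut-off)


def inspect_request(raw: bytes) -> list:
    """Return the indicators matched by one raw HTTP request (hypothetical helper)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    findings = []
    parts = lines[0].split(b" ")
    if len(parts) >= 2 and parts[1].split(b"?", 1)[0] == b"/compdlds.req":
        findings.append("path:/compdlds.req")
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"authorization":
            continue
        value = value.strip()
        if len(value) > MAX_AUTH_LEN:
            findings.append("auth:oversized")
        if REPEAT_RUN.search(value):
            findings.append("auth:repeated-run")
        # Credentials follow an optional scheme word such as "Basic".
        token = value.split(b" ", 1)[-1]
        try:
            decoded = base64.b64decode(token + b"=" * (-len(token) % 4))
        except (binascii.Error, ValueError):
            decoded = b""                        # not Base64: nothing to scan
        if STUB in decoded:
            findings.append("auth:stack-adjust-stub")
    return findings


# Constructed sample requests (not captured traffic; no payload or return address).
BENIGN = (b"GET / HTTP/1.1\r\nHost: fdm.example\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
LONG_RUN = (b"GET / HTTP/1.1\r\nHost: fdm.example\r\n"
            b"Authorization: " + b"D" * 3000 + b"\r\n\r\n")
WITH_STUB = (b"GET /compdlds.req HTTP/1.1\r\nHost: fdm.example\r\n"
             b"Authorization: Basic " + base64.b64encode(b"A" * 1200 + STUB)
             + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("long run", LONG_RUN), ("stub", WITH_STUB)):
        print(label, inspect_request(req))
```

The length check fires regardless of payload encoding, so it remains the primary signal; the stub and repeated-run matches only narrow attribution to the specific module or PoC described above.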
No detection rules found.
Exploit-DB
Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)
exploitdb·2010-07-13
---
##
# $Id: fdm_auth_header.rb 9812 2010-07-13 22:11:40Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 FDM remote control server
# w/o auth: Free Download Manager remote control server.
# Version 1.0.
# Extra url: /compdlds.req
HttpFingerprint = { :pattern => [ /(FDM Remote control server|Free Download Manager)/i ] } # XXX: A custom body check would be nice too
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_
Exploit-DB
Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)
exploitdb·2009-02-04·CVSS 10.0
---
#!usr/bin/perl -w
#######################################################################################
# Stack-based buffer overflow in Remote Control Server in Free Download Manager
# (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute
# arbitrary code via a long Authorization header in an HTTP request.
# Refer:
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0183
#
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with
# "#!Installation_path_for_perl -w" (say #!C:/Program Files/Perl/bin/perl -w)
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bear any responsibility for any damages whatsoever.$$$$$$
Metasploit
Free Download Manager Remote Control Server Buffer Overflow
metasploit
This module exploits a stack buffer overflow in Free Download Manager Remote Control 2.5 Build 758. When sending a specially crafted Authorization header, an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
- http://osvdb.org/51745
- http://secunia.com/advisories/33524
- http://secunia.com/secunia_research/2009-3/
- http://www.securityfocus.com/archive/1/500604/100/0/threaded
- http://www.securityfocus.com/bid/33554
- http://www.vupen.com/english/advisories/2009/0302
- https://www.exploit-db.com/exploits/7986