CVE-2018-25304

HIGH 8.4

Free Download Manager 2.0 Built 417 Local Buffer Overflow SEH

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

CWE	CWE-120
Vendor	filehippo
Product	free download manager
Published	Apr 29, 2026

Stay Ahead of the Next One

Get instant alerts for filehippo free download manager

Be the first to know when new high vulnerabilities affecting filehippo free download manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Filehippo / Free Download Manager

2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/44499 filehippo.com: https://filehippo.com/download_free_download_manager/925/ vulncheck.com: https://www.vulncheck.com/advisories/free-download-manager-built-417-local-buffer-overflow-seh

Credits

Marwan Shamel