Vulnerability Details : CVE-2014-2206
Public exploit exists!
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2014-2206
- cpe:2.3:a:getgosoft:getgo_download_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:getgosoft:getgo_download_manager:4.9.0.1982:*:*:*:*:*:*:*
- cpe:2.3:a:getgosoft:getgo_download_manager:4.8.2.1346:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2206
81.41% - Probability of exploitation activity in the next 30 days
~ 98 % - Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-2206
- GetGo Download Manager HTTP Response Buffer Overflow
  Disclosure Date: 2014-03-09
  First seen: 2020-04-26
  exploit/windows/browser/getgodm_http_response_bof
  This module exploits a stack-based buffer overflow vulnerability in GetGo Download Manager version 5.3.0.2712 and earlier, caused by an overly long HTTP response header. By persuading the victim to download a file from a malicious server, a remote attacker cou
CVSS scores for CVE-2014-2206
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-2206
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2206
- http://www.securityfocus.com/archive/1/531326/100/0/threaded
  SecurityFocus
- http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution
  CVE-2014-2206: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution - RCE Security (Exploit)
- http://www.securityfocus.com/bid/65913
  GetGo Download Manager CVE-2014-2206 Stack Buffer Overflow Vulnerability (Exploit)