CVE-2020-24397
Description
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Zoho ManageEngine Desktop Central client (10.0.0.SP-534) allows an attacker-controlled server to trigger a heap-based buffer overflow and achieve remote code execution as SYSTEM.
Vulnerability
The vulnerability exists in the client side of Zoho ManageEngine Desktop Central version 10.0.0.SP-534. An integer overflow occurs in the functions InternetSendRequestEx and InternetSendRequestByBitrate due to improper handling of header values [2]. This leads to a heap-based buffer overflow.
Exploitation
An attacker must control a server that the Desktop Central client connects to. By sending crafted responses, the attacker triggers the integer overflow, causing a heap-based buffer overflow. No authentication from the attacker is required, but the client must connect to the malicious server.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the client machine with SYSTEM privileges, leading to full compromise of the endpoint.
Mitigation
The vulnerability is fixed in Endpoint Central build 10.0.561 [2]. Users should update to this build or later. The vulnerability does not affect cloud editions of Endpoint Central, Patch Manager Plus, and Remote Access Plus [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zoho/ManageEngine Desktop Central
- Range: = 10.0.0.SP-534
Patches
No patches discovered yet.
References
- www.manageengine.com/products/desktop-central/ (mitre, x_refsource_MISC)
- www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html (mitre, x_refsource_CONFIRM)