Internet Download Manager
by Tonec Inc.
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4508 | | | 0.03 | — | 0.06 | | Oct 9, 2008 | Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. … |
| CVE-2005-2210 | | | 0.03 | — | 0.04 | | Jul 11, 2005 | Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. |
| CVE-2010-0995 | | | 0.01 | — | 0.07 | | May 6, 2010 | Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. |
| CVE-2025-56231 | | | 0.00 | — | 0.00 | | Nov 5, 2025 | Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. |