Description

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition.

PUBLISHED | Reserved 2026-05-15 | Published 2026-05-16 | Updated 2026-05-18 | Assigner VulnCheck




MEDIUM: 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
MEDIUM: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

6.38.12: affected

Credits

Vincent Wolterman (finder)

References

www.exploit-db.com/exploits/49083 (ExploitDB-49083) [exploit]

www.internetdownloadmanager.com/ (Official Product Homepage) [product]

www.internetdownloadmanager.com/download.html (Product Reference) [product]

www.vulncheck.com/...nload-manager-scheduler-buffer-overflow (VulnCheck Advisory: Internet Download Manager 6.38.12 Scheduler Buffer Overflow) [third-party-advisory]

cve.org (CVE-2020-37234)

nvd.nist.gov (CVE-2020-37234)