CVE-2020-23060: 
Tonec Internet Download Manager vulnerability analysis and mitigation

Internet Download Manager (IDM) version 6.37.11.1 was discovered to contain a stack buffer overflow vulnerability in the Export/Import function. The vulnerability was disclosed on April 27, 2020, and was assigned CVE-2020-23060. This security flaw affects the IDM software's Export/Import functionality when handling .ef2 files (VulnerabilityLab).

The vulnerability is a stack-based buffer overflow that occurs in the Export/Import function when processing .ef2 files. The issue stems from insufficient validation of the ef2 filetype context, which lacks proper length restrictions. Local attackers can exploit this by importing manipulated .ef2 files with crafted referer and source URL values to overwrite the EIP register. The vulnerability has been assigned a CVSS score of 7.1, indicating a high severity level (VulnerabilityLab).

Successful exploitation of this vulnerability allows attackers to escalate local process privileges and potentially compromise the computer system or process. The buffer overflow can lead to arbitrary code execution within the context of the affected application, potentially giving attackers control over the system (VulnerabilityLab).

Users should upgrade to a version newer than 6.37.11.1 of Internet Download Manager. The exact patched version is not specified in the available sources. Until an update can be applied, users should exercise caution when importing .ef2 files from untrusted sources (VulnerabilityLab).