CVE-2020-28964: 
Tonec Internet Download Manager vulnerability analysis and mitigation

Internet Download Manager (IDM) version 6.37.11.1 was discovered to contain a stack buffer overflow vulnerability in the Search function. The vulnerability was disclosed on April 27, 2020, and affects the core functionality of the software. This security issue allows local attackers to escalate process privileges through unspecified vectors (Vulnerability Lab, NVD).

The vulnerability exists in two main components of IDM: the Search function in the downloads menu and the Export/Import function in the tasks menu. The Search function lacks secure restrictions in the requested search variable inputs, while the Export/Import function fails to properly validate *.ef2 file contents and length restrictions. The vulnerability has a CVSS v3 Base Score of 7.1, indicating high severity. Exploitation requires low privileges or a restricted system user account and can be executed without user interaction (Vulnerability Lab).

Successful exploitation of these vulnerabilities allows attackers to overwrite registers of the process, potentially leading to system compromise and elevation of local process privileges. This can result in unauthorized access to the local computer system or file system (Vulnerability Lab).

Users should upgrade to a version newer than IDM 6.37.11.1. The vulnerability was reported to the vendor and addressed in subsequent releases (Vulnerability Lab).