CVE-2020-23060 – Internet Download Manager 6.37.11.1 contains a ... (How to Fix)

Q: What is the severity of CVE-2020-23060?

CVE-2020-23060 has a CVSS score of 7.1 (HIGH). Internet Download Manager 6.37.11.1 contains a stack buffer overflow vulnerability in its Export/Import function. Attackers can exploit this by tricking users into opening a crafted .ef2 file, potentially allowing local privilege escalation. This affects users running the vulnerable version of Internet Download Manager.

📋 TL;DR

Internet Download Manager 6.37.11.1 contains a stack buffer overflow vulnerability in its Export/Import function. Attackers can exploit this by tricking users into opening a crafted .ef2 file, potentially allowing local privilege escalation. This affects users running the vulnerable version of Internet Download Manager.

💻 Affected Systems

Products:

Internet Download Manager

Versions: 6.37.11.1

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific version mentioned; requires user interaction to open malicious .ef2 file.

📦 What is this software?

Internet Download Manager by Tonec

View all CVEs affecting Internet Download Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via local privilege escalation to SYSTEM/root level, enabling complete control over the affected system.

🟠

Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated privileges on the compromised system.

🟢

If Mitigated

Limited impact if proper application whitelisting and user privilege restrictions are in place, preventing execution of malicious files.

🌐 Internet-Facing: LOW - This requires local access or user interaction with malicious files, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Requires user interaction with malicious .ef2 files, but could be exploited via phishing or shared drives within an organization.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user to open a crafted .ef2 file; proof-of-concept details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.37.12 and later

Vendor Advisory: https://www.internetdownloadmanager.com/news.html

Restart Required: Yes

Instructions:

1. Open Internet Download Manager. 2. Click 'Help' menu. 3. Select 'Check for updates'. 4. Follow prompts to download and install latest version. 5. Restart the application.

🔧 Temporary Workarounds

Disable .ef2 file association

windows

Remove or modify file association for .ef2 files to prevent automatic opening with Internet Download Manager

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .ef2 > Change program

Restrict user privileges

windows

Run Internet Download Manager with standard user privileges instead of administrative rights

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of unauthorized programs
Educate users to avoid opening .ef2 files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Internet Download Manager version in Help > About; if version is 6.37.11.1, system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is 6.37.12 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from IDM process
Access to suspicious .ef2 files

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

Process creation where parent_process contains 'idman.exe' AND (process_name contains 'cmd.exe' OR process_name contains 'powershell.exe')

📊 Metadata

CVE ID: CVE-2020-23060

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-787

Published: October 22, 2021

Last Updated: November 21, 2024

🔗 References

https://cwe.mitre.org/data/definitions/121.html Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2236 Exploit,Third Party Advisory
https://cwe.mitre.org/data/definitions/121.html Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2236 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-23060, you might also want to check these: