CVE-2020-28967

8.8 HIGH

📋 TL;DR

CVE-2020-28967 is a buffer overflow vulnerability in FlashGet download manager that allows local attackers to execute arbitrary code with elevated privileges. This affects users running FlashGet v1.9.6 on Windows systems. Attackers can exploit this by manipulating the current path directory function to overwrite registers and gain system-level access.

💻 Affected Systems

Products:
  • FlashGet
Versions: v1.9.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed only for FlashGet version 1.9.6. Earlier versions may also be affected, but this has not been confirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, allowing installation of persistent malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized system access, potentially enabling ransomware deployment or credential harvesting.

🟢 If Mitigated

Limited impact with proper privilege separation and application sandboxing, though local code execution may still be possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Internal users with local access can exploit this to gain elevated privileges and potentially compromise the entire system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the system. The vulnerability is well-documented with technical details available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.9.7 or later

Vendor Advisory: https://www.flashget.com/security-advisory

Restart Required: Yes

Instructions:

1. Download the latest FlashGet version from the official website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system to ensure the patch is fully applied.

🔧 Temporary Workarounds

Remove FlashGet (Windows)

Uninstall FlashGet completely to eliminate the vulnerability.

Control Panel > Programs > Uninstall a program > Select FlashGet > Uninstall

Restrict User Privileges (Windows)

Run FlashGet with limited user account privileges to reduce impact.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized FlashGet execution
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check FlashGet version in Help > About menu. If version is 1.9.6, system is vulnerable.

Check Version:

wmic product where name='FlashGet' get version

Verify Fix Applied:

Verify FlashGet version is 1.9.7 or later in Help > About menu.
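As an added example (not part of this advisory), the PowerShell check below reads the Uninstall registry keys rather than relying on `wmic product`, which lists only MSI-installed products, can trigger MSI consistency checks on every query, and is deprecated on current Windows releases. It assumes the FlashGet uninstall entry's DisplayName contains "FlashGet" and uses the 1.9.6 affected / 1.9.7 fixed boundary stated above.

```powershell
# Added example: classify an installed FlashGet against CVE-2020-28967 using
# the Uninstall registry keys (64-bit, 32-bit and per-user views).
# Assumption: the uninstall entry's DisplayName contains "FlashGet".
$AffectedVersion = [version]'1.9.6'   # version the advisory confirms as vulnerable
$FixedVersion    = [version]'1.9.7'   # first version the advisory lists as fixed

$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-NormalizedVersion {
    param([string]$Raw)
    # Tolerate vendor formatting such as "v1.9.6 build 1073": keep the numeric part only
    if ($Raw -match '(\d+(\.\d+)+)') { return [version]$Matches[1] }
    return $null
}

# WOW6432Node does not exist on 32-bit Windows; ignore that error rather than abort
$entries = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*FlashGet*' }

if (-not $entries) {
    Write-Output 'FlashGet not found in the Uninstall registry keys.'
    return
}

foreach ($e in $entries) {
    $ver = ConvertTo-NormalizedVersion $e.DisplayVersion
    if ($null -eq $ver) {
        $status = 'UNKNOWN (could not parse DisplayVersion)'
    } elseif ($ver -ge $FixedVersion) {
        $status = 'PATCHED'
    } elseif ($ver -eq $AffectedVersion) {
        $status = 'VULNERABLE (CVE-2020-28967)'
    } else {
        $status = 'UNCONFIRMED (earlier than 1.9.6; advisory does not confirm)'
    }
    # Emit an object per entry so the result can be piped to Export-Csv for fleet reporting
    [pscustomobject]@{
        DisplayName    = $e.DisplayName
        DisplayVersion = $e.DisplayVersion
        InstallPath    = $e.InstallLocation
        Status         = $status
    }
}
```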

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from FlashGet.exe
  • Process creation events in the Windows Security log (Event ID 4688) involving FlashGet.exe that suggest privilege escalation attempts

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

source='Windows Security' AND event_id=4688 AND process_name='FlashGet.exe' AND integrity_level_change
