Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user’s system. The “name” attribute of the “file” element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89526/secunia-fdmml.txt
Source: https://packetstormsecurity.com/files/89526/Free-Download-Manager-metalink-name-Directory-Traversal.html