Multiple Buffer Overflow Vulnerabilities in FlashFXP FTP Client for Windows

Reported June 09, 2003, by ::Operash::.

VERSIONS AFFECTED
FlashFXP FTP Client for Windows version 2.0 build 905

DESCRIPTION
Two buffer-overflow vulnerabilities in FlashFXP FTP Client for Windows can result in the execution of arbitrary code on the vulnerable computer. The two vulnerabilities are:
· A stack buffer overflow occurs if a server replies to a PASV command request with a long string. If a user connects to a malicious server, an attacker can exploit the vulnerability to execute arbitrary code on the vulnerable system.
· A stack buffer overflow occurs if a long host name is specified as the destination server. If a user copies a maliciously manipulated URL while the Clipboard Monitor function is enabled, an attacker can exploit the vulnerability to execute arbitrary code on the vulnerable system.

VENDOR RESPONSE
FlashFXP has released version 2.1, which doesn't contain these vulnerabilities.

CREDIT
Discovered by :: Operash ::.
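
Both issues come down to untrusted text (a server's PASV reply, a host name taken from a URL) reaching a fixed-size stack buffer without a length check. The following is an added example, not FlashFXP's code and not part of the original advisory, showing the bounded handling an FTP client needs for each input; the function names and the MAX_REPLY_LEN cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REPLY_LEN 512  /* assumed cap on one control-connection reply line */
#define MAX_HOST_LEN  253  /* longest DNS host name in text form */

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)". Returns the port, or -1 if the reply
   is oversized or malformed. Only fixed-size outputs are ever written. */
long parse_pasv(const char *reply, size_t len, unsigned char ip[4])
{
    unsigned v[6];
    if (len < 4 || len > MAX_REPLY_LEN || memcmp(reply, "227", 3) != 0) return -1;
    const char *end = reply + len;
    const char *p = memchr(reply, '(', len);
    if (p == NULL) return -1;
    p++;
    for (int i = 0; i < 6; i++) {
        unsigned n = 0;
        int digits = 0;
        while (p < end && *p >= '0' && *p <= '9' && digits < 3) {
            n = n * 10 + (unsigned)(*p++ - '0');
            digits++;
        }
        /* each field is 1-3 digits, at most 255, followed by ',' or ')' */
        if (digits == 0 || n > 255 || p >= end || *p++ != (i < 5 ? ',' : ')')) return -1;
        v[i] = n;
    }
    for (int i = 0; i < 4; i++) ip[i] = (unsigned char)v[i];
    return (long)(v[4] * 256 + v[5]);
}

/* Copy a host name into dst only if it fits whole; reject rather than truncate. */
int copy_host(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (src_len == 0 || src_len > MAX_HOST_LEN || src_len >= dst_size) return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

int main(void)
{
    const char ok[] = "227 Entering Passive Mode (192,0,2,10,19,137)"; /* constructed sample */
    unsigned char ip[4];
    char host[64];
    printf("port=%ld\n", parse_pasv(ok, strlen(ok), ip));
    printf("host=%d\n", copy_host(host, sizeof host, "ftp.example.test", 16));
    return 0;
}
```

Rejecting an oversized host name outright, rather than truncating it, also avoids connecting to a different host than the one the URL named.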