Reported June
09, 2003, by ::Operash::.
VERSIONS
AFFECTED
SmartFTP FTP Client for
Windows version 1.0.973
DESCRIPTION
VENDOR
RESPONSE
CREDIT
Two buffer-overflow vulnerabilities in SmartFTP FTP Client for Windows can result in the execution of arbitrary code on the vulnerable computer. These two vulnerabilities consist of the following:
· If a server responds to a PWD command request with a reply to that contains a long address, a buffer overflow occurs on the stack area.
· If a server returns a File List that contains a long string, the buffer overrun occurs on the heap area.
SmartFTP has released version 1.0.976, which doesn't contain these vulnerabilities.
Discovered by
:: Operash ::.
Multiple Buffer Overflow Vulnerabilities in SmartFTP FTP Client for Windows
0 comments
Hide comments