Reported June 09, 2003, by ::Operash::.

 

 

VERSIONS AFFECTED

 

  • SmartFTP FTP Client for Windows version 1.0.973

 

DESCRIPTION

 

Two buffer-overflow vulnerabilities in SmartFTP FTP Client for Windows can result in the execution of arbitrary code on the vulnerable computer. These two vulnerabilities consist of the following:
 
·         If a server responds to a PWD command request with a reply to that contains a long address, a buffer overflow occurs on the stack area. 
·         If a server returns a File List that contains a long string, the buffer overrun occurs on the heap area. 
 

VENDOR RESPONSE

 

SmartFTP has released version 1.0.976, which doesn't contain these vulnerabilities.

 

CREDIT                                                                                                       
Discovered by :: Operash ::.