AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command.
An attacker can set up a malicious FTP server that exploits the vulnerability to cause a denial-of-service crash or possibly execute arbitrary code on the client's computer with the permissions of the ScriptFTP client user.
We are currently unaware of a practical solution to this problem.
Do not connect to untrusted FTP servers.
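For authors of FTP clients, the bug class described above is avoided by checking the length of the server-supplied filename before copying it into a fixed buffer. The C function below is an added example, not ScriptFTP code and not part of the original advisory; the Unix-style LIST line layout, the name `list_line_filename` and the 255-byte cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 255  /* assumed cap for this example, not a ScriptFTP value */

/* Copy the filename field of one Unix-style LIST line into out (size out_sz).
 * Returns 0 on success, -1 if the line is malformed or the name does not fit.
 * On failure out is left as an empty string; nothing is written past out_sz. */
int list_line_filename(const char *line, char *out, size_t out_sz)
{
    if (line == NULL || out == NULL || out_sz == 0)
        return -1;
    out[0] = '\0';

    /* Skip the eight whitespace-separated fields that precede the name:
     * mode, links, owner, group, size, month, day, time-or-year. */
    const char *p = line;
    for (int field = 0; field < 8; field++) {
        p += strspn(p, " \t");
        size_t n = strcspn(p, " \t\r\n");
        if (n == 0)
            return -1;              /* fewer fields than expected */
        p += n;
    }
    p += strspn(p, " \t");

    /* The name runs to end of line, and the server controls its length. */
    size_t len = strcspn(p, "\r\n");
    if (len == 0 || len > NAME_MAX_LEN || len >= out_sz)
        return -1;                  /* reject rather than truncate or overflow */

    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample line, not captured from a real server. */
    const char *sample = "-rw-r--r-- 1 ftp ftp 1024 Sep 20 17:23 report.txt\r\n";
    char name[64];
    if (list_line_filename(sample, name, sizeof name) == 0)
        printf("filename: %s\n", name);
    return 0;
}
```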
Thanks to Tom Gregory for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:
|Date Last Updated:
|2011-09-20 17:23 UTC