AceFTP LIST Command Directory Traversal Vulnerability

Summary
The host is installed with AceFTP and is prone to Directory Traversal Vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code by tricking a user into downloading a directory containing files with specially crafted filenames from a malicious FTP server. Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to avoid downloading files and directories from untrusted FTP servers. For updates refer to http://software.visicommedia.com/en/products/
Insight
The flaw is due to input validation errors when processing FTP responses to a LIST command. These can be exploited by attackers when downloading the directories containing files with directory traversal specifiers in the filename.
Affected
Visicom Medias AceFTP Freeware/Pro Version 3.80.3 and prior on W Windows
References