Summary
This host has ALFTP installed and is prone to an insecure executable file loading vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to ALFTP version 5.31 or later.
For updates, refer to http://www.altools.jp/download/ALFTP.aspx
Insight
The flaw is due to the application loading executables (readme.exe) in an insecure manner. This can be exploited to run an arbitrary program by tricking a user into opening a file located on a remote WebDAV or SMB share.
Affected
ALFTP versions prior to 5.31
Severity
Classification
- CVE: CVE-2012-0315
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Dreamweaver Insecure Library Loading Vulnerability
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability