Summary
The host has CuteFTP installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and potentially compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to version 8.3.4 or later.
For updates, refer to http://www.cuteftp.com/downloads
Insight
The flaw is due to an error in the 'Create New Site' feature when connecting to sites that have an overly long label. It can be exploited to corrupt heap memory by tricking a user into importing a malicious site list and connecting to a site that has an overly long label.
Affected
CuteFTP Home/Pro/Lite 8.3.3, 8.3.3.54 on Windows.
References
Severity
Classification
- CVE: CVE-2009-3483
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
- Asterisk HTTP Manager Buffer Overflow Vulnerability
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
- Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
- BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability