CVE-2011-5012

Attachmate Reflection - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.

Exploits (1)

exploitdb WORKING POC

by Francis Provencher · rubydoswindows

https://www.exploit-db.com/exploits/18119

View Code ZIP pw:eip

References (9)

[Various Sources] http://support.attachmate.com/techdocs/1708.html

[Exploit] http://www.exploit-db.com/exploits/18119

[Various Sources] http://support.attachmate.com/techdocs/2502.html

[Vendor Advisory] http://secunia.com/advisories/46879

[Various Sources] http://support.attachmate.com/techdocs/2288.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/77189

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026340

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71330

[Various Sources] http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29

Scores

EPSS 0.2594

EPSS Percentile 96.3%

Details

CWE

CWE-119

Status published

Products (6)

attachmate/reflection 7.2 sp1

attachmate/reflection 14.1 sp1

attachmate/reflection_2008

attachmate/reflection_2008r1 sp1

attachmate/reflection_2008r2

attachmate/reflection_2011r1

Published Dec 25, 2011

Tracked Since Feb 18, 2026