CVE-2011-5164

Vandyke Absoluteftp - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Node · rubyremotewindows

https://www.exploit-db.com/exploits/18102

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Node · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb

View Code ZIP pw:eip

References (5)

[Exploit] http://www.exploit-db.com/exploits/18102

[Vendor Advisory] http://secunia.com/advisories/46781

[Various Sources] http://www.saintcorporation.com/cgi-bin/exploit_info/vandyke_absoluteftp_list_client_overflow

[Third Party Advisory, VDB Entry] http://www.osvdb.org/77105

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50614

Scores

EPSS 0.5554

EPSS Percentile 98.1%

Details

CWE

CWE-119

Status published

Products (14)

vandyke/absoluteftp 1.9.6

vandyke/absoluteftp 2.0.3

vandyke/absoluteftp 2.0.4

vandyke/absoluteftp 2.0.5

vandyke/absoluteftp 2.2.1

vandyke/absoluteftp 2.2.2

vandyke/absoluteftp 2.2.3

vandyke/absoluteftp 2.2.4

vandyke/absoluteftp 2.2.5

vandyke/absoluteftp 2.2.6

... and 4 more

Published Sep 15, 2012

Tracked Since Feb 18, 2026