PT-2004-2087 · Coffeecup+1 · Coffeecup Free Ftp+2

Publicado

2004-12-01

Atualizado

2017-07-11

CVE-2004-1118

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: WeOnlyDo! ActiveX component versions prior to 2.3.2.97 CoffeeCup Direct FTP version 6.2.0.62 CoffeeCup Free FTP version 3.0.0.10

Description: The issue is a buffer overflow in the WodFtpDLX.ocx ActiveX component. This allows remote attackers to execute arbitrary code via a long filename.

Recommendations: For WeOnlyDo! ActiveX component versions prior to 2.3.2.97, update to version 2.3.2.97 or later. For CoffeeCup Direct FTP version 6.2.0.62, update to a version that uses the patched WeOnlyDo! ActiveX component. For CoffeeCup Free FTP version 3.0.0.10, update to a version that uses the patched WeOnlyDo! ActiveX component.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1118

Produtos afetados

Coffeecup Direct Ftp

Coffeecup Free Ftp

Weonlydo! Activex

PT-2004-2087 · Coffeecup+1 · Coffeecup Free Ftp+2

CVE-2004-1118

Identificadores relacionados

Produtos afetados

Referências · 8