CVE-2008-2779

Name of the Vulnerable Software and Affected Versions CuteFTP Home version 8.2.0 Build 02.26.2008.4 CuteFTP Pro version 8.2.0 Build 04.01.2008.1

Description A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot backslash) sequences in responses to LIST commands. This can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations For CuteFTP Home version 8.2.0 Build 02.26.2008.4, consider disabling the ability to write files to arbitrary locations until a patch is available. For CuteFTP Pro version 8.2.0 Build 04.01.2008.1, restrict access to the LIST command to minimize the risk of exploitation.