PT-2014-3702 · Attachmate · Attachmate Reflection Ftp Client

Rgod · Published 2014-08-12 · Updated 2015-02-09 · CVE-2014-0603

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Attachmate Reflection FTP Client versions prior to 14.1.429

Description

The issue allows remote attackers to cause a denial of service and execute arbitrary code via vectors related to the GetGlobalSettings or GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address.

Recommendations

For versions prior to 14.1.429, update to version 14.1.429 or later to resolve the issue. As a temporary workaround, consider disabling the GetGlobalSettings and GetSiteProperties3 methods until a patch is available. Restrict access to the rftpcom.dll ActiveX control to minimize the risk of exploitation.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2014-0603
ZDI-14-288
ZDI-14-291

Affected Products

Attachmate Reflection Ftp Client