PT-2004-2087 · Coffeecup+1 · Coffeecup Free Ftp+2

Published

2004-12-01

Updated

2017-07-11

CVE-2004-1118

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: WeOnlyDo! ActiveX component versions prior to 2.3.2.97 CoffeeCup Direct FTP version 6.2.0.62 CoffeeCup Free FTP version 3.0.0.10

Description: The issue is a buffer overflow in the WodFtpDLX.ocx ActiveX component. This allows remote attackers to execute arbitrary code via a long filename.

Recommendations: For WeOnlyDo! ActiveX component versions prior to 2.3.2.97, update to version 2.3.2.97 or later. For CoffeeCup Direct FTP version 6.2.0.62, update to a version that uses the patched WeOnlyDo! ActiveX component. For CoffeeCup Free FTP version 3.0.0.10, update to a version that uses the patched WeOnlyDo! ActiveX component.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1118

Affected Products

Coffeecup Direct Ftp

Coffeecup Free Ftp

Weonlydo! Activex

PT-2004-2087 · Coffeecup+1 · Coffeecup Free Ftp+2

CVE-2004-1118

Related Identifiers

Affected Products

References · 8