FlashFXP < 2.1b923 Multiple Remote Overflows

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

An FTP client with multiple stack buffer overflow vulnerabilities is
installed on the remote Windows host.

Description :

FlashFXP, an FTP client, is installed on the remote host. This
version is vulnerable to a stack-based buffer overflow attack when
receiving a long response to the PASV command, or when processing a
long host name.

See also :

http://www.securityfocus.com/archive/1/324387

Solution :

Upgrade to FlashFXP 2.1 build 923 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 11710 (flashfxp_overflow.nasl)

Bugtraq ID: 7857, 7859

CVE ID:
