FlashFXP < 4.2.0.1730 ListIndex TListBox Handling Remote Overflow

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an FTP client that is affected by a buffer
overflow vulnerability.

Description :

The remote host is running a version of FlashFXP prior to 4.2.0.1730.
It is therefore reportedly affected by a buffer overflow vulnerability
involving the TListBox and TComboBox VCL components.

To exploit the vulnerability remotely, an attacker would need to know
the included filters of the connected client to send large strings.

Successful exploitation would allow an attacker to execute arbitrary
code within the context of the affected application.

See also :

http://seclists.org/fulldisclosure/2012/Mar/7
http://www.nessus.org/u?24fb05d4

Solution :

Upgrade to FlashFXP 4.2.0 (4.2.0.1730) or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 60111

Bugtraq ID: 52259

CVE ID: CVE-2012-4992
