This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Windows host has an application that is affected by a
remote integer overflow vulnerability.
The version of FileZilla Client on the remote host is prior
to 3.7.2. As such, it is affected by an integer overflow vulnerability
that exists in the 'getstring()' function from PuTTY used to handle
SFTP. This can lead to a heap overflow during the SSH handshake prior
to authentication, due to improper bounds checking of the length
parameter received from the SFTP server. An attacker could exploit this
issue by tricking a user into connecting to a specially crafted SFTP
server. This could lead to a denial of service, and potentially code
Upgrade to FileZilla Client 3.7.2 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true
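
The bounds check this class of bug is missing, as an added example (not code from PuTTY, FileZilla or the plugin): a reader for a length-prefixed string that compares the untrusted length as an unsigned value against the bytes actually remaining. The names reader, weak_check_accepts, get_string and parse_len and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over an untrusted packet (hypothetical type for this example). */
struct reader { const uint8_t *p; size_t left; };

/* Weak pattern, modelled as a pure predicate: the wire length is stored in a
 * signed int, so 0xFFFFFFFF typically converts to -1 and passes the test. */
int weak_check_accepts(uint32_t wire_len, size_t left)
{
    int len = (int)wire_len;
    return len <= (int)left;
}

/* Hardened reader for a uint32 big-endian length followed by that many bytes.
 * Returns 0 and sets *out / *out_len on success, -1 on malformed input. */
int get_string(struct reader *r, const uint8_t **out, size_t *out_len)
{
    uint32_t len;
    if (r->left < 4) return -1;                 /* no room for the length field */
    len = ((uint32_t)r->p[0] << 24) | ((uint32_t)r->p[1] << 16) |
          ((uint32_t)r->p[2] << 8)  |  (uint32_t)r->p[3];
    if (len > r->left - 4) return -1;           /* unsigned compare, cannot wrap */
    *out = r->p + 4;
    *out_len = len;
    r->p += 4 + (size_t)len;
    r->left -= 4 + (size_t)len;
    return 0;
}

/* Constructed sample packets: a valid 3-byte string and an oversized length. */
const uint8_t GOOD_PKT[] = { 0, 0, 0, 3, 'a', 'b', 'c' };
const uint8_t BAD_PKT[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c' };

/* Parse one packet; returns the string length, or -1 if it is rejected. */
long parse_len(const uint8_t *buf, size_t n)
{
    struct reader r = { buf, n };
    const uint8_t *s; size_t len;
    return get_string(&r, &s, &len) == 0 ? (long)len : -1;
}

int main(void)
{
    printf("good=%ld bad=%ld\n", parse_len(GOOD_PKT, sizeof GOOD_PKT),
           parse_len(BAD_PKT, sizeof BAD_PKT));
    return 0;
}
```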