WS_FTP Pro Client ASCII Mode Directory Listing Handling Overflow
Severity: High
Nessus Plugin ID: 12108

Synopsis
The remote Windows host has an FTP client that is prone to a buffer overflow attack.

Description
The version of WS_FTP Pro, an FTP client, installed on the remote host is earlier than 9.0. Such versions are reportedly affected by a remote overflow triggered by an overly long string of ASCII mode directory data from a malicious server.
If an attacker can trick a user on this system into connecting to a malicious FTP server using the affected application, this issue could be leveraged to execute arbitrary code subject to the user's privileges.

Solution
Upgrade to WS_FTP Pro 9.0, as that reportedly addresses the issue.