Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
BID:24403
Info
Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
| Bugtraq ID: | 24403 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3161 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | n00b is credited with the discovery of this vulnerability. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
Ace-FTP client is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check server-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects Ace-FTP 1.24a; other versions may also be affected.
Ace-FTP client is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check server-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects Ace-FTP 1.24a; other versions may also be affected.
Exploit / POC
Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
The following proof-of-concept code is available for the SEH overwrite:
The following proof-of-concept code is available for the SEH overwrite:
Solution / Fix
Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Ace-FTP Client Structured Exception Handler Overwrite Buffer Overflow Vulnerability
References:
References:
- Visicom Media Ace-FTP Homepage (Visicom Media)