Attachmate Reflection FTP Client ActiveX Control CVE-2014-0604 Remote Code Execution Vulnerability

Bugtraq ID:	69154
Class:	Unknown
CVE:	CVE-2014-0604
Remote:	Yes
Local:	No
Published:	Aug 07 2014 12:00AM
Updated:	Aug 14 2014 01:03AM
Credit:	Andrea Micalizzi (rgod), working with HP's Zero Day Initiative
Vulnerable:	Attachmate Reflection 13.0.5 Attachmate Reflection 13.0.4 Attachmate Reflection 8.0 Attachmate Reflection 14.1 SP1 Attachmate Reflection 14.1 Attachmate Reflection 14.0 SP1 Attachmate Reflection 14.0 Attachmate Reflection 13.0 Attachmate Reflection 10.0
Not Vulnerable:

Attachmate Reflection FTP Client ActiveX Control CVE-2014-0604 Remote Code Execution Vulnerability

Attachmate Reflection FTP Client ActiveX control is prone to a remote-code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code which can result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

Attachmate Reflection 15.6.1.698 and prior are vulnerable.

Attachmate Reflection FTP Client ActiveX Control CVE-2014-0604 Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Attachmate Reflection FTP Client ActiveX Control CVE-2014-0604 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Attachmate Reflection FTP Client ActiveX Control CVE-2014-0604 Remote Code Execution Vulnerability

References:

• Attachmate Homepage (Attachmate)
  
• Security Updates and Reflection 2011 or Reflection 2008 (Attachmate)