Vulnerability CVE-2008-5753


Published: 2008-12-30   Modified: 2012-02-12

Description:
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.

See advisories in our WLB2 database:
Topic
Author
Date
High
BulletProof FTP Client 2.63 Local Heap Overflow PoC
His0k4
02.01.2009

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Bpftp -> Bulletproof ftp client 

 References:
http://packetstormsecurity.com/files/131965/BulletProof-FTP-Client-2010-Buffer-Overflow.html
http://securityreason.com/securityalert/4835
http://www.kb.cert.org/vuls/id/565580
http://www.milw0rm.com/exploits/7571
http://www.securityfocus.com/bid/33007
https://www.exploit-db.com/exploits/37056/

Copyright 2020, cxsecurity.com

 

Back to Top