SmartFTP Client 10.0.2909.0 Multiple Denial of Service

2021.09.06
Credit: Eric Salario
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service # Date: 9/5/2021 # Exploit Author: Eric Salario # Vendor Homepage: https://www.smartftp.com/en-us/ # Software Link: https://www.smartftp.com/en-us/download # Version: 10.0.2909.0 (32 and 64 bit) # Tested on: Microsoft Windows 10 32 bit and 64 bit ========================================================================= buffer = "//" buffer += "A" * 423 f = open ("path.txt", "w") f.write(buffer) f.close() 1. Run the python script 2. Open SmartFTP > New Connection > FTPS (explicit) 3. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255) 4. In Path, copy paste the content of the "path.txt" generated by the python script 5. Click "OK" 6. SmartFTP client crashes ======================================================================= 1. Open SmartFTP > New Connection > FTPS (explicit) 2. Enter a non existing ip the FTP server can't reach (e.g 255.255.255.255) 3. In Path, type slash ("/") and click "OK" 4. The app should return "Error 0x80072741" 5. In the path's search bar, replace slash ("/") with whatever and press enter 6. SmartFTP client crashes ======================================================================= 1. Open SmartFTP 2. In the "New Connection" bar, clear the history (dropdown to the right of the bar) 3. Once the history is empty, click the bar and type anything 3. SmartFTP client crashes


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top