Vendor: ActFax Server FTP
By: chap0
CVSS: 9.3 (HIGH)
Buffer Overflow
CWE: 119
Product Name: ActFax Server FTP
Affected Version From: Version 4.25, Build 0221 (2010-02-11)
Affected Version To: Version 4.25, Build 0221 (2010-02-11)
Patch Exists: YES
Related CWE: N/A
CPE: a:actfax:actfax_server_ftp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2011
ActFax Server FTP Remote BOF (post auth)
A buffer overflow vulnerability exists in ActFax Server FTP, which could allow an authenticated remote attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted FTP request containing an overly long string. Successful exploitation could result in arbitrary code execution in the context of the application.
Mitigation:
Upgrade to the latest version of ActFax Server FTP.