header-logo
Suggest Exploit
vendor:
LeapFTP
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: LeapFTP
Affected Version From: Prior to 2.7.6.612
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:leapware:leapftp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

LeapFTP Client Remote Buffer Overflow Vulnerability

LeapFTP client is prone to a remote buffer overflow vulnerability. The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq) file. A remote attacker may gain unauthorized access in the context of the user running the application.

Mitigation:

Upgrade to LeapFTP version 2.7.6.612 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14655/info

LeapFTP client is prone to a remote buffer overflow vulnerability.

The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq) file.

A remote attacker may gain unauthorized access in the context of the user running the application.

LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.

//bof.lsq

[HOSTINFO]
HOST=AAAAA...[ long string ]...AAAAA
USER=username
PASS=password

[FILES]
"1","/winis/ApiList.zip","477,839","E:\ApiList.zip"