Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:565580
HistoryJul 24, 2014 - 12:00 a.m.

BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow

2014-07-2400:00:00
www.kb.cert.org
14

0.581 Medium

EPSS

Percentile

97.7%

JSON

Overview

BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow

Description

CWE-121******-**Stack-based Buffer Overflow
BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow, possibly allowing for arbitrary code execution.

Impact

A local attacker may be able to overwrite the stack memory causing the process to crash or create unpredictable behavior. It is possible that this vulnerability may be used to execute arbitrary code in the context of the logged in user.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Use the Microsoft Enhanced Mitigation Experience Toolkit

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of this vulnerability. CERT/CC has created a video tutorial for setting up EMET 3.0 on Windows 7. Note that platforms that do not support ASLR, such as Windows XP and Windows Server 2003, will not receive the same level of protection that modern Windows platforms will.

Vendor Information

565580

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

BulletProof Software Affected

Updated: July 24, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P
Temporal 3.9 E:POC/RL:U/RC:C
Environmental 2.9 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Gabor Seljan for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: CVE-2014-2973
Date Public: 2014-07-24 Date First Published:

Related

zdt 4
packetstorm 4
exploitpack 3
cvelist 1
seebug 1
exploitdb 3
nvd 1
prion 1
cve 1
zdt
zdt
BulletProof FTP Client BPS Buffer Overflow Exploit
2015-01-06 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
2014-12-10 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH)
2014-07-24 00:00:00
packetstorm
packetstorm
BulletProof FTP Client 2010 Buffer Overflow
2014-12-09 00:00:00
BulletProof FTP Client BPS Buffer Overflow
2015-01-06 00:00:00
BulletProof FTP Client 2010 Buffer Overflow
2014-07-25 00:00:00
exploitpack
exploitpack
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
2014-12-03 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)
2014-07-24 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
2014-09-05 00:00:00
cvelist
cvelist
CVE-2014-2973
2014-12-15 17:27:00
seebug
seebug
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
2014-09-18 00:00:00
exploitdb
exploitdb
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)
2014-07-24 00:00:00
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)
2014-12-03 00:00:00
BulletProof FTP Client 2010 - Buffer Overflow (SEH)
2014-09-05 00:00:00
nvd
nvd
CVE-2014-2973
2014-12-15 18:59:02
prion
prion
Design/Logic Flaw
2014-12-15 18:59:00
cve
cve
CVE-2014-2973
2014-12-15 18:59:02

0.581 Medium

EPSS

Percentile

97.7%

JSON
Related for VU:565580
zdt4packetstorm4exploitpack3cvelist1seebug1exploitdb3nvd1prion1cve1