Lucene search

[email protected]CVE-2014-0603

HistoryFeb 06, 2015 - 11:59 a.m.

CVE-2014-0603

2015-02-0611:59:00

CWE-94

[email protected]

web.nvd.nist.gov

security

cve-2014-0603

rftpcom.dll

activex control

attachmate reflection ftp client

denial of service

memory corruption

execute arbitrary code

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.721 High

EPSS

Percentile

98.1%

JSON

The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.

Affected configurations

NVD

Node

attachmatereflection_ftp_clientRange≤14.1.420

CPENameOperatorVersion
attachmate:reflection_ftp_clientattachmate reflection ftp clientle14.1.420

CPE	Name	Operator	Version
attachmate:reflection_ftp_client	attachmate reflection ftp client	le	14.1.420

References

support.attachmate.com/techdocs/2501.html

www.zerodayinitiative.com/advisories/ZDI-14-288/

www.zerodayinitiative.com/advisories/ZDI-14-291/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.721 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2014-0603

cvelist2 prion2 nvd2 cve1 zdi2 checkpoint_advisories2