KLA10162 ACE vulnerability in FlashFXP

2012-09-19 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.256 Low (Percentile: 96.7%)

Buffer overflows were found in FlashFXP. By exploiting these vulnerabilities, malicious users can execute arbitrary code. The vulnerabilities can be exploited remotely via specially crafted strings in a listbox or combobox.

Original advisories

FlashFXP bulletin

Exploitation

Public exploits exist for this vulnerability.

Related products

FlashFXP

CVE list

CVE-2012-4992 critical

Solution

Update to latest version

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • FlashFXP versions earlier than 4.2
