9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.256 Low
EPSS
Percentile
96.7%
The remote host is running a version of FlashFXP prior to 4.2.0.1730. It therefore is reportedly has a buffer overflow vulnerability involving the TListbox and TComboBox VCL components.
To exploit the vulnerability remotely, an attacker would need to know the included filters of the connected client to send large strings.
Successful exploitation would allow an attacker to execute arbitrary code within the context of the affected application.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(60111);
script_version("1.8");
script_cvs_date("Date: 2019/12/04");
script_cve_id("CVE-2012-4992");
script_bugtraq_id(52259);
script_xref(name:"EDB-ID", value:"18555");
script_name(english:"FlashFXP < 4.2.0.1730 ListIndex TListBox Handling Remote Overflow");
script_summary(english:"Checks version of FlashFXP");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an FTP client that is affected by a buffer
overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of FlashFXP prior to 4.2.0.1730.
It therefore is reportedly has a buffer overflow vulnerability
involving the TListbox and TComboBox VCL components.
To exploit the vulnerability remotely, an attacker would need to know
the included filters of the connected client to send large strings.
Successful exploitation would allow an attacker to execute arbitrary
code within the context of the affected application.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Mar/7");
# https://www.flashfxp.com/forum/flashfxp/news/15473-flashfxp-4-2-released.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?36d5d30c");
script_set_attribute(attribute:"solution", value:
"Upgrade to FlashFXP 4.2.0 (4.2.0.1730) or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4992");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/01");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:flashfxp:flashfxp");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("flashfxp_installed.nasl");
script_require_keys("SMB/FlashFXP/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
kb_base = "SMB/FlashFXP/";
appname = "FlashFXP";
get_kb_item_or_exit(kb_base + 'Installed');
installs = get_kb_list(kb_base + 'Installs/*');
if (isnull(installs)) exit(1, 'The \'' + kb_base + 'Installs KB list is missing.');
info = '';
info2 = '';
vuln = 0;
foreach install (keys(installs))
{
path = installs[install];
version = install - (kb_base + 'Installs/');
fix = '4.2.0.1730';
if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
vuln++;
info +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
}
else info2 += ' and ' + version;
}
if (info)
{
if (report_verbosity > 0) security_hole(port:get_kb_item('SMB/transport'), extra:info);
else security_hole(get_kb_item('SMB/transport'));
exit(0);
}
if (info2)
{
info2 -= ' and ';
if (' and ' >< info2) be = 'are';
else be = 'is';
exit(0, 'The host is not affected since ' + appname + ' ' + info2 + ' ' + be + ' installed.');
}
else exit(1, 'Unexpected error - \'info2\' is empty.');