VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007.
The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory listing replies from the server. The client tries to copy the file name to a fixed-length stack buffer without performing adequate validation.
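The copy described above, shown as an added example in C that is not AbsoluteFTP's code and not part of the original advisory: a listing-line parser with the unbounded copy next to a length-checked one. The Unix-style listing format, the 256-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF 256 /* assumed size; the page does not state the real one */
enum { LIST_OK = 0, LIST_MALFORMED = -1, LIST_NAME_TOO_LONG = -2 };

/* Locate the name in a Unix-style LIST line (9th field onward), or NULL. */
static const char *find_name(const char *line)
{
    const char *p = line;
    for (int i = 0; i < 8; i++) {
        p += strspn(p, " \t");             /* skip blanks before the field */
        size_t n = strcspn(p, " \t\r\n");  /* length of this field */
        if (n == 0) return NULL;           /* line ended before the name */
        p += n;
    }
    p += strspn(p, " \t");
    return (*p == '\0' || *p == '\r' || *p == '\n') ? NULL : p;
}

/* Vulnerable pattern, for contrast: the server decides how much is copied. */
int parse_name_unsafe(const char *line, char *out)
{
    const char *name = find_name(line);
    if (!name) return LIST_MALFORMED;
    strcpy(out, name);  /* no bound: writes past out when the name is longer */
    return LIST_OK;
}

/* Hardened form: measure first, reject what does not fit, then copy. */
int parse_name_checked(const char *line, char *out, size_t out_sz)
{
    const char *name = find_name(line);
    if (!name || out_sz == 0) return LIST_MALFORMED;
    size_t len = strcspn(name, "\r\n");            /* name ends at CR/LF */
    if (len >= out_sz) return LIST_NAME_TOO_LONG;  /* refuse, do not truncate */
    memcpy(out, name, len);
    out[len] = '\0';
    return LIST_OK;
}

/* Constructed oversized listing line (not captured traffic). */
int check_oversized(void)
{
    char line[64 + 2 * NAME_BUF] = "-rw-r--r-- 1 ftp ftp 0 Jan 01 00:00 ";
    memset(line + strlen(line), 'A', 2 * NAME_BUF); /* rest stays zero-filled */
    char name[NAME_BUF];
    return parse_name_checked(line, name, sizeof name);
}
```

Rejecting the entry outright, rather than truncating it, keeps the client from later acting on a file name that differs from the one the server sent.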
The vendor has discontinued support for AbsoluteFTP. Further usage of this product is not recommended.
This exploit has been tested against VanDyke AbsoluteFTP 2.2.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).