Added: 12/12/2011
BID: 50614
OSVDB: 77105
VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007.
The AbsoluteFTP client contains a buffer overflow vulnerability in its parsing of file and directory listing replies from the server. The client copies the file name from the reply into a fixed-length stack buffer without adequately validating it.
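The following is an added example, not AbsoluteFTP code: a bounded way to take the file name out of a listing reply line, rejecting names that do not fit the destination buffer instead of copying them. The Unix-style LIST layout (name as the ninth field), the function names and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: locate the name field of a Unix-style LIST line,
 * assumed here to be the 9th whitespace-separated field.
 * Returns NULL when the line has fewer than 9 fields. */
static const char *list_name_field(const char *line)
{
    int field = 0;
    const char *p = line;

    while (*p != '\0') {
        while (*p == ' ' || *p == '\t')
            p++;                            /* skip separators */
        if (*p == '\0')
            break;
        if (++field == 9)
            return p;                       /* name runs to end of line */
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;                            /* skip this field */
    }
    return NULL;
}

/* Copy the file name from a server-supplied listing line into out, which
 * holds out_len bytes. Returns 0 on success, -1 if the line is malformed
 * or the name does not fit. The defect class described above is the
 * unbounded form of this copy, where the server decides how many bytes
 * are written to a fixed-size stack buffer. */
int parse_list_name(const char *line, char *out, size_t out_len)
{
    const char *name;
    size_t n;

    if (line == NULL || out == NULL || out_len == 0)
        return -1;
    name = list_name_field(line);
    if (name == NULL)
        return -1;
    n = strcspn(name, "\r\n");              /* name length without CRLF */
    if (n == 0 || n >= out_len)
        return -1;                          /* reject, do not truncate */
    memcpy(out, name, n);
    out[n] = '\0';
    return 0;
}
```

Rejecting an overlong name, rather than truncating it, keeps the client from later acting on a file name the server never sent.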
The vendor has discontinued support for AbsoluteFTP. Further usage of this product is not recommended.
<http://www.vandyke.com/products/absoluteftp/index.html>
<http://secunia.com/advisories/46781/>
This exploit has been tested against VanDyke AbsoluteFTP 2.2.10 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Windows