CVE-2011-5164
NONE EPSS 97.9%
Published Sep 15, 2012 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.
Threat Intelligence
EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses (1)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products (14)
| Vendor | Product | Version | Range |
|---|---|---|---|
| vandyke | absoluteftp | 1.9.6 | any |
| vandyke | absoluteftp | 2.0.3 | any |
| vandyke | absoluteftp | 2.0.4 | any |
| vandyke | absoluteftp | 2.0.5 | any |
| vandyke | absoluteftp | 2.2.1 | any |
| vandyke | absoluteftp | 2.2.2 | any |
| vandyke | absoluteftp | 2.2.3 | any |
| vandyke | absoluteftp | 2.2.4 | any |
| vandyke | absoluteftp | 2.2.5 | any |
| vandyke | absoluteftp | 2.2.6 | any |
| vandyke | absoluteftp | 2.2.7 | any |
| vandyke | absoluteftp | 2.2.8 | any |
| vandyke | absoluteftp | 2.2.9 | any |
| vandyke | absoluteftp | 2.2.10 | any |
References (5)
- secunia.com http://secunia.com/advisories/46781
- exploit-db.com http://www.exploit-db.com/exploits/18102
- osvdb.org http://www.osvdb.org/77105
- saintcorporation.com http://www.saintcorporation.com/cgi-bin/exploit_info/vandyke_absoluteftp_list_client_overflow
- securityfocus.com http://www.securityfocus.com/bid/50614
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.