CVE-2011-5012

Attachmate Reflection FTP Client - Heap Overflow

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.

Desbordamiento de búfer en la región heap de la memoria en Reflection FTP Client (la biblioteca rftpcom.dll versión 7.2.0.106 y posiblemente otras versiones), como es usado en Reflection 2008, Reflection 2011 versión R1 anterior a 15.3.2.569 y anterior a versión R1 SP1, Reflection 2011 versión R2 anterior a 15.4.1.327, Reflection Windows Client versión 7.2 SP1 anterior a hotfix 7.2.1186, y Reflection versión 14.1 SP1 anterior a 14.1.1.206 de Attachmate, permite a servidores FTP remotos ejecutar código arbitrario por medio de un nombre de directorio largo en una respuesta a un comando LIST.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-11-16 First Exploit
2011-12-24 CVE Reserved
2011-12-25 CVE Published
2024-01-12 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (10)

URL	Tag	Source
http://support.attachmate.com/techdocs/1708.html	X_refsource_confirm
http://support.attachmate.com/techdocs/2288.html	X_refsource_confirm
http://support.attachmate.com/techdocs/2502.html	X_refsource_confirm
http://www.osvdb.org/77189	Vdb Entry
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29	X_refsource_misc
http://www.securitytracker.com/id?1026340	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71330	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/18119	2011-11-16
http://www.exploit-db.com/exploits/18119	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/46879	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Attachmate Search vendor "Attachmate"		Reflection Search vendor "Attachmate" for product "Reflection"				7.2 Search vendor "Attachmate" for product "Reflection" and version "7.2"		sp1, windows_client		Affected
Attachmate Search vendor "Attachmate"		Reflection Search vendor "Attachmate" for product "Reflection"				14.1 Search vendor "Attachmate" for product "Reflection" and version "14.1"		sp1		Affected
Attachmate Search vendor "Attachmate"		Reflection 2008 Search vendor "Attachmate" for product "Reflection 2008"				*		-		Affected
Attachmate Search vendor "Attachmate"		Reflection 2008r1 Search vendor "Attachmate" for product "Reflection 2008r1"				sp1 Search vendor "Attachmate" for product "Reflection 2008r1" and version "sp1"		-		Affected
Attachmate Search vendor "Attachmate"		Reflection 2008r2 Search vendor "Attachmate" for product "Reflection 2008r2"				*		-		Affected
Attachmate Search vendor "Attachmate"		Reflection 2011r1 Search vendor "Attachmate" for product "Reflection 2011r1"				*		-		Affected