It is not a high risk vulnerability. The chance of making a stable exploit in a Unicode overflow is low.

Regards,
c0d3r of IHS
Network Security Researcher

> LeapFTP .lsq Buffer Overflow Vulnerability
>
> by Sowhat
>
> Last Update: 2005.08.24
>
> http://secway.org/advisory/AD20050824.txt
>
> Vendor:
>
> LeapWare Inc.
>
> Product Affected:
>
> LeapFTP < 2.7.6.612
>
> Overview:
>
> LeapFTP is the award-winning shareware FTP client that combines an
> intuitive interface with one of the most powerful client bases around.
>
> Details:
>
> .LSQ is the LeapFTP Site Queue file, and it is registered with Windows
> by LeapFTP. You can save a transfer queue to .lsq files and transfer it
> later by opening the .lsq files.
>
> However, LeapFTP does not properly check the length of the "Host" fields;
> when an overly long string is supplied, there will be a buffer overflow
> and probably arbitrary code execution.
>
> This vulnerability can be exploited by sending the malformed .lsq file
> to the victim; after the victim opens the .lsq file, arbitrary code may
> be executed.
>
> //bof.lsq
>
> [HOSTINFO]
> HOST=AAAAA...[ long string ]...AAAAA
> USER=username
> PASS=password
>
> [FILES]
> "1","/winis/ApiList.zip","477,839","E:\ApiList.zip"
>
> SOLUTION:
>
> All users are encouraged to upgrade to 2.7.6 immediately.
> Vendor also released an advisory:
> http://www.leapware.com/security/2005082301.txt
>
> Vendor Response:
>
> 2005.08.22 Vendor notified via online WebForm
> 2005.08.23 Vendor responded and bug fixed
> 2005.08.24 Vendor released the new version 2.7.6.612
> 2005.08.24 Advisory Released
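
A defender-side pre-open check for the condition the advisory describes, added here as an example and not code from the advisory or from LeapWare: it parses the .lsq layout shown above and flags an oversized or malformed HOST value. The 253-character bound (the longest valid DNS name), the names `parse_lsq` and `check_lsq`, and the sample files are assumptions; the advisory does not give the size of LeapFTP's buffer.

```python
import re

# Assumption: 253 chars is the longest valid DNS name; the advisory does not
# state LeapFTP's buffer size, so this is a sanity bound, not the real limit.
MAX_HOST_LEN = 253
# Characters allowed in a hostname, IPv4 literal, or bracketed IPv6 literal.
HOST_CHARS = re.compile(r"[A-Za-z0-9.\-:\[\]]+")

def parse_lsq(text):
    """Split the INI-like .lsq layout into {SECTION: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().upper()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def check_lsq(text):
    """Return a list of findings; an empty list means HOST looks sane."""
    findings, hosts = [], []
    for line in parse_lsq(text).get("HOSTINFO", []):
        key, sep, value = line.partition("=")
        if sep and key.strip().upper() == "HOST":
            hosts.append(value.strip())
    if not hosts:
        findings.append("no HOST field in [HOSTINFO]")
    for host in hosts:
        if len(host) > MAX_HOST_LEN:
            findings.append(f"HOST length {len(host)} exceeds {MAX_HOST_LEN}")
        if not HOST_CHARS.fullmatch(host):
            findings.append("HOST has characters not valid in a hostname or IP literal")
    return findings

# Constructed samples using the same layout as the advisory's bof.lsq.
BENIGN = r'''[HOSTINFO]
HOST=ftp.example.com
USER=username
PASS=password

[FILES]
"1","/winis/ApiList.zip","477,839","E:\ApiList.zip"
'''
OVERLONG = BENIGN.replace("ftp.example.com", "A" * 2000)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, check_lsq(sample) or "ok")
```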