FlashGet FTP PWD buffer overflow

Added: 08/27/2008
CVE: CVE-2008-4321
BID: 30685
OSVDB: 47457

Background

FlashGet is an FTP client formerly known as JetCar.

Problem

A buffer overflow in FlashGet allows command execution when a user connects to an FTP server which sends a specially crafted PWD response.

Resolution

Use a different FTP client.

References

http://secunia.com/advisories/31481/

Limitations

Exploit works on FlashGet 1.9.6.

Platforms

Windows 2000

Back to exploit index