CVE-2011-5012
Last modified
CVE-2011-5012 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. EPSS estimates a 7.85% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Attachmate | Reflection | 7.2 | SP1 |
| Attachmate | Reflection | 14.1 | SP1 |
| Attachmate | Reflection 2008 | All versions | — |
| Attachmate | Reflection 2008r1 | SP1 | — |
| Attachmate | Reflection 2008r2 | All versions | — |
| Attachmate | Reflection 2011r1 | All versions | — |
References
- http://secunia.com/advisories/46879 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
