Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1724

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1724
Last Modified 07 Mar 2011 10:07:32
Published 11 Apr 2008 03:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1724

Summary

Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.

Vulnerable Systems

Application

  • Tumbleweed Securetransport Server App 4.6.1


References

XF - securetransport-filetransfer-activex-bo(41692)

VUPEN - ADV-2008-1165

BID - 28662

BUGTRAQ - 20080407 Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow

MILW0RM - 5398

MISC - http://www.aushack.com/200708-tumbleweed.txt

SREASON - 3806

SECUNIA - 29717


Last Updated: 27 May 2016 10:47:38