FortiClient Vulnerability

Untrusted Search Path, Directory Traversal, and Heap-based Buffer Overflow for SmartFTP

Description

Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .html, or .mpg file. In version 4.0.1124.0 and possibily other versions before 4.0, a directory traversal vulnarbility which allows remote FTP servers to overwrite files, and in version 2.0.1002 there is a heap-based buffer overflow vulnerbaility.

Affected Applications

SmartFTP

CVE References

CVE-2010-5219 CVE-2010-4871 CVE-2010-3099 CVE-2007-0790 CVE-2003-1319

Other References

https://www.smartftp.com/en-us/

ID	2352
Created	Nov 17, 2021
Description Updated	Nov 17, 2021
Risk
Coverage	FortiClient
Vendor	SmartFTP
Application	SmartFTP

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Untrusted Search Path, Directory Traversal, and Heap-based Buffer Overflow for SmartFTP

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Untrusted Search Path, Directory Traversal, and Heap-based Buffer Overflow for SmartFTP

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center