CVE-2011-5012

Published: Dec 25, 2011Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.

Affected (6)

Products: Attachmate: Reflection, Reflection 2008, Reflection 2008r1, Reflection 2008r2, Reflection 2011r1

5 products

Reflection 2008

Reflection 2008r1

Reflection 2008r2

Reflection 2011r1

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Attachmate Reflection	Version 14.1 sp1
Attachmate Reflection	Version 7.2 sp1
Attachmate Reflection 2008	All versions
Attachmate Reflection 2008r1	Version sp1
Attachmate Reflection 2008r2	All versions
Attachmate Reflection 2011r1	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://secunia.com/advisories/46879

Source: cve@mitre.org

Vendor Advisory

http://support.attachmate.com/techdocs/1708.html

Source: cve@mitre.org

http://support.attachmate.com/techdocs/2288.html

Source: cve@mitre.org

http://support.attachmate.com/techdocs/2502.html

Source: cve@mitre.org

http://www.exploit-db.com/exploits/18119

Source: cve@mitre.org

Exploit

http://www.osvdb.org/77189

Source: cve@mitre.org

http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29

Source: cve@mitre.org

http://www.securitytracker.com/id?1026340

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/71330

Source: cve@mitre.org

http://secunia.com/advisories/46879

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.attachmate.com/techdocs/1708.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.attachmate.com/techdocs/2288.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.attachmate.com/techdocs/2502.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/18119

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/77189

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1026340

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/71330

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.