Heap-Based Buffer Overflow in GlobalSCAPE CuteFTP Professional and Home Products
CVE-2009-3483

Currently unrated

Key Information:

Vendor: Globalscape
Status: Cuteftp
Vendor: CVE Published:; 30 September 2009

🔔 Create Globalscape Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-3483?

A heap-based buffer overflow vulnerability exists in the Create New Site feature of GlobalSCAPE's CuteFTP Professional, Home, and Lite versions 8.3.3 and 8.3.3.0054. This flaw allows remote attackers to exploit the vulnerability by crafting a site list entry with an excessively long label. When a user interacts with this malicious entry, it can lead to memory corruption or potential arbitrary code execution, thus compromising the integrity and security of the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-3483 - Proof of Concept

References

http://www.osvdb.org/58387

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/36874

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/53487

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 30, 2009
👾
Exploit known to exist
Sep 30, 2009
Vulnerability published
Sep 30, 2009
Vulnerability Reserved
Sep 30, 2009

CVE-2009-3483 Data

JSON