Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-Disclosure] CoffeeCup FTP Clients Buffer Overflow Vulnerability
From: Komrade (unsecurealtervista.org)
Date: Mon Nov 22 2004 - 08:39:34 CST
CoffeCup Direct FTP - FTP client for Windows.
CoffeeCup Free FTP - free FTP client for Windows.
Versions verified to be vulnerable:
CoffeeCup Direct FTP 126.96.36.199 (latest version)
CoffeeCup Free FTP 188.8.131.52 (latest version)
Prior version should be vulnerable as well.
Each this programs use the ActiveX Control "WeOnlyDo! COM Ftp DELUXE"
(WodFtpDLX.ocx) to communicate with FTP servers.
I discovered that this ActiveX doesn't correctly handle a very long file
name sent from an FTP server, causing the programs to be vulnerable to a
remote buffer overflow.
Details on the vulnerabiliy that affect WodFtpDLX ActiveX Control can be
You can find a proof of concept exploit that spawn a shell on port 5555
on the target machine here:
I notified this vulnerability to the vendor on 19/11/2004 and they
replied that they would start immediately to work on a fix.
16/11/2004 Vulnerbility found.
19/11/2004 Vendor contacted for the first time.
19/11/2004 Vendor reply. They are working to fix this vulnerability.
22/11/2004 Public disclosure.
- Unsecure Programs -
- http://unsecure.altervista.org -
- Vulnerabilities and exploits -
- http://unsecure.altervista.org/security.htm -
Full-Disclosure - We believe in it.