Crystal FTP Pro Client Buffer Overflow

[Luca Ercoli <luca.ercoli () inwind it>]

Package: Crystal FTP Pro
Auth: http://www.casdk.com/
Version: 2.8 (current release) and below
Vulnerability Type: Arbitrary Command Execution


Crystal FTP Pro Description (from the Developer):

Crystal FTP Pro is a Top awarded FTP client for dummies and experts.
The state of the art user-interface used in Crystal FTP Pro makes it
possible for first time FTP users to be productive and transfer files
over the Internet within minutes, and yet it satisfies FTP veterans
with its highly configurable layout and easy access to advanced
FTP tools. With the flexible Crystal FTP Pro, you can accomplish all
FTP jobs with success. No matter if its publishing a web page,
downloading demos, software, MP3 files and images or transferring
high volume files over an unstable connection. Crystal FTP Pro does
it all.


Vulnerability Description:

Crystal FTP Pro client, does not perform bound checking
on the results returned by 'LIST' command.
A malicious ftp server, could execute arbitrary code on
the target user's client, replies to a 'LIST' command
request with a file list that contain a long file extension.

Example:

le.AAAAAAAAAAAA...(over 250 characters)

The code will be executed with the privileges
of the user running the ftp client.









Credits:

-- 
Luca Ercoli <luca.ercoli [at] inwind.it>