The host is installed with AceFTP and is prone to Directory Traversal Vulnerability.

Successful exploitation allows attackers to execute arbitrary code by tricking a user into downloading a directory containing files with specially crafted filenames from a malicious FTP server. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to avoid downloading files and directories from untrusted FTP servers. For updates refer to http://software.visicommedia.com/en/products/

The flaw is due to input validation errors when processing FTP responses to a LIST command. These can be exploited by attackers when downloading the directories containing files with directory traversal specifiers in the filename.

Visicom Medias AceFTP Freeware/Pro Version 3.80.3 and prior on W Windows

• http://secunia.com/advisories/30792
• http://vuln.sg/aceftp3803-en.html
• http://www.frsirt.com/english/advisories/2008/1954

---

Updated on 2015-03-25