Upstream information
Description
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- TID7021279, published Sa 3. Mär 12:00:59 CET 2018
- TID7021432, published Sa 3. Mär 12:00:38 CET 2018
- TID7021518, published Sa 3. Mär 12:01:00 CET 2018
- TID7021676, published Sa 3. Mär 10:24:18 CET 2018
- TID7021739, published Sa 19. Mai 14:06:42 CEST 2018
- TID7021848, published Sa 3. Mär 12:00:57 CET 2018
- TID7021990, published Sa 3. Mär 12:00:48 CET 2018
- TID7022102, published Sat Mar 3 09:45:41 UTC 2018
SUSE Timeline for this CVE
CVE page created: Wed Aug 13 08:39:36 2014CVE page last modified: Wed Mar 26 11:26:37 2025