CVE-2010-20107

Public Exploit

FTP Synchronizer Professional <= 4.0.73.274 Stack Buffer Overflow

Description

A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command—typically during sync preview or profile creation—the server’s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.

References

Link	Tags
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb	exploit
https://www.exploit-db.com/exploits/16720	exploit
https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/	exploit technical description
https://www.ftpsynchronizer.com/	product
https://web.archive.org/web/20111016235434/http://www.ftpsynchronizer.com/	product
https://www.vulncheck.com/advisories/ftp-synchronizer-professional-stack-buffer-overflow	third party advisory

Frequently Asked Questions

What is the severity of CVE-2010-20107?: CVE-2010-20107 has been scored as a high severity vulnerability.
How to fix CVE-2010-20107?: To fix CVE-2010-20107, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2010-20107 being actively exploited in the wild?: It is possible that CVE-2010-20107 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2010-20107?: CVE-2010-20107 affects Liuxz Software FTP Synchronizer Professional.

Description

Category

CWE-121 – Stack-based Buffer Overflow

References

Frequently Asked Questions