Intrusion Prevention

Attachmate.Reflection.FTP.Client.Memory.Corruption

Description

This indicates an attempt to exploit a Memory Corruption vulnerability in the Attachmate Reflection ActiveX control.
The vulnerability, which is due to an error in Reflection FTP Client ActiveX control, can be exploited through misuse of a vulnerable method. A remote attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary code within the context of the targeted users' browser.

Affected Products

Attachmate INFOConnect Enterprise prior to 9.2.0.1182
Attachmate Reflection FTP Client prior to 14.1.420.0

Impact

System Compromise: Remote attackers can execute arbitrary code within the context of the target user's browser

Recommended Actions

Apply the most recent upgrade or patch from the vendor
http://support.attachmate.com/techdocs/2546.html

CVE References

CVE-2014-0603