Topic:     LeapFTP Site Queue file buffer overflow vulnerability
Affects:   LeapFTP releases from 2.7.0 to 2.7.5
Announced: 2005-08-23
Credits:   Sowhat http://secway.org
Author:    cravey@leapware.com

0. Advisory Revision History

v1.0 Initial Release

I. Background

Specially modified LeapFTP Site Queue (.lsq) file may result in code execution.

II. Problem Description

A buffer overflow vulnerability has been identified that may allow arbitrary code to be executed with the privileges of the user running LeapFTP. This occurs when a specially modified LeapFTP Site Queue file (.lsq) is opened by LeapFTP.

The filetype is registered with Windows by LeapFTP. As a result, the file may be opened by LeapFTP when it is double-clicked.

III. Impact

If a malicious individual is able to modify a .lsq and cause it to be opened by LeapFTP, malicious code execution may result. The vectors for this are basically:

1) Malicious person has write privileges on victim computer.
2) Malicious person sends victim a modified file and victim opens it.

IV. Workaround

Don't let untrusted people have write access to your drive.
Don't open files originating from untrustworthy sources.

V. Solution

Upgrade your LeapFTP client to version 2.7.6.

VI. Notes

Perhaps the content of sections IV and V should be swapped.

Due to LeapFTP vulnerability 2003052101, please be aware that although LeapFTP versions prior to 2.7.0 appear to be free from this vulnerability, all LeapFTP users should upgrade to LeapFTP 2.7.6.