
vuln.sg Vulnerability Research Advisory

AceFTP FTP-Client Directory Traversal Vulnerability

by Tan Chew Keong
Release Date: 2008-06-27


Summary

A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.


Tested Versions


Details

This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.

An example of such a response from a malicious FTP server is shown below.


Response to LIST (forward-slash):

-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n

By tricking a user into downloading a directory from a malicious FTP server that contains files with forward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on the user's system with the privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.
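The following is an added example, not code from the advisory or from AceFTP, showing the check a client should apply to filenames taken from a LIST response before writing to disk: each name must be a single path component, and the joined destination must still resolve inside the download directory. It goes slightly beyond the advisory by also rejecting backslash and drive-letter forms; the download directory and the two extra LIST lines are constructed for the example.

```python
import ntpath
import re

# Constructed sample LIST response: the first line is the advisory's malicious
# entry, the other two are constructed (one benign, one with backslash traversal).
SAMPLE_LIST = (
    "-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n"
    "-rw-r--r--    1 ftp      ftp           120 Mar 01 05:38 readme.txt\r\n"
    "-rw-r--r--    1 ftp      ftp            20 Mar 01 05:39 ..\\..\\evil.txt\r\n"
)

# Unix-style "ls -l" LIST line: mode, links, owner, group, size, month, day, time-or-year, name.
LIST_LINE = re.compile(
    r"^[-dlcbps][rwxsStT-]{9}\s+\d+\s+\S+\s+\S+\s+\d+\s+\w{3}\s+\d{1,2}\s+[\d:]+\s+(?P<name>.+)$"
)

def parse_list(response):
    """Return the filename field of every LIST line that parses; other lines are skipped."""
    names = []
    for line in response.splitlines():
        m = LIST_LINE.match(line)
        if m:
            names.append(m.group("name"))
    return names

def is_safe_filename(name):
    """Accept only a single path component: no slash, backslash, drive colon, NUL, '.' or '..'."""
    if not name or name in (".", ".."):
        return False
    return not any(ch in name for ch in "/\\:\0")

def resolve_download_target(download_dir, name):
    """Join name to download_dir under Windows path rules (ntpath works on any OS);
    return the normalised path only if it is still inside download_dir, else None."""
    base = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(base, name))
    try:
        inside = ntpath.commonpath([base, target]) == base
    except ValueError:          # different drives: certainly not inside the download dir
        inside = False
    return target if inside else None

def plan_downloads(response, download_dir):
    """Split the LIST entries into local targets that may be written and names to refuse."""
    accepted, rejected = [], []
    for name in parse_list(response):
        target = resolve_download_target(download_dir, name) if is_safe_filename(name) else None
        if target is None:
            rejected.append(name)
        else:
            accepted.append(target)
    return accepted, rejected
```

The component check alone already refuses the advisory's sample name; the resolve step is kept as a second, independent guard so a future change to the first cannot silently reopen the traversal.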


POC / Test Code

Please download the POC here and follow the instructions below.



Patch / Workaround

Avoid downloading files/directories from untrusted FTP servers.


Disclosure Timeline

2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.


Contact
For further enquiries, comments, suggestions or bug reports, simply email them to