ws_ftp overflow

[john layman <john () interteq net>]

Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor:  Ipswitch

Vendor's Product Description:

WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and 
organizations to move files between local and remote systems while enjoying the utmost in: 

Problem:

WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this 
data exceeds 260 bytes without a terminating CR/LF.  The application crashes with an error stating "instruction at 
0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is 
possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)

This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp 
directory on the server, connecting to it and viewing the directory listing.  

Fix:  

Ipswitch was contacted about this problem, and version 8.03 appears to have solved it.  Update!