Security Advisory—SecureCRT® 5.0 and SecureFX® 3.0
In SecureCRT versions 5.0 through 5.0.4 and
SecureFX version 3.0 through 3.0.4, a buffer
overflow was theoretically possible when a
Unicode string was converted to a narrow string.
Posted: March 3, 2006
When converting a Unicode string to a narrow
string, it was theoretically possible to exploit
a buffer overflow if certain conditions were met.
This issue was found through code inspection.
There are no known exploits. VanDyke Software
considers the threat extremely minimal.
Affected Software Versions
SecureCRT versions 5.0 through 5.0.4.
SecureFX version 3.0 through 3.0.4.