Opened 10 years ago
Closed 10 years ago
#9559 closed Bug report (rejected)
FileZilla 3.8.1 incompatible with EMET
Reported by: | notrone2 | Owned by: | |
---|---|---|---|
Priority: | high | Component: | FileZilla Client |
Keywords: | emet | Cc: | |
Component version: | | Operating system type: | Windows |
Operating system version: | Windows 7 x64 SP1 | | |
Description
Background:
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
http://support.microsoft.com/kb/2458544
Issue
Since upgrading to 3.8.1, FileZilla is being terminated by EMET as it is triggering the "SimExecFlow" mitigation:
```
EMET detected SimExecFlow mitigation and will close the application: filezilla.exe
SimExecFlow check failed:
Application : C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
User Name : asdf
Session ID : 1
PID : 0x1198 (4504)
TID : 0x2428 (9256)
CodeAddress : 0x009D1909
CodeStackPtr : 0x28FDB4
CalledAddress : 0x753F4327
API name : kernel32.VirtualProtect
StackPtr : 0x0028FD98
FramePtr : 0x28FDC0
```
As EMET is used in enterprise environments where it cannot be disabled by users, this issue prevents FileZilla from functioning. Downgrading to 3.8.0 fixes the issue.
Change History (4)
comment:1 by , 10 years ago
Priority: | blocker → high |
---|---|
Resolution: | → worksforme |
Status: | new → closed |
comment:2 by , 10 years ago
Bug confirmed on EMET 4.0.4913.26122
```
Application Name: C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
Execution flow simulation check failed:
PID : 0x196C/6508
TID : 189C
CodeAddress : 009D1909
CodeStackPtr : 28FDB4
CalledAddress: 77174327
API name : kernel32.VirtualProtect
StackPtr : 0028FD98
FramePtr : 28FDC0
```
The workaround is either to delete FileZilla from the list of EMET-protected apps for administrators, or to revert to the previous (but TLS-bug-affected) FileZilla version for non-administrators.
comment:3 by , 10 years ago
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
Oops, I forgot to reopen the ticket.
comment:4 by , 10 years ago
Resolution: | → rejected |
---|---|
Status: | reopened → closed |
Please update to the most recent version of EMET.
Cannot reproduce using EMET 4.1.5228.513
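Added example, not part of the ticket and not FileZilla or EMET code: a small triage script that parses the two SimExecFlow reports above and groups them by executable, API and `CodeAddress`, so repeated reports of the same call site can be handled as one finding. The one-field-per-line layout, the field subset and all function names are assumptions made for this example.

```python
from collections import defaultdict
from ntpath import basename  # applies Windows path rules on any OS

# Constructed sample: the two reports in this ticket, one field per line
# (assumed layout), trimmed to the fields used below.
REPORTS = {
    "description": r"""SimExecFlow check failed:
Application : C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PID : 0x1198 (4504)
CodeAddress : 0x009D1909
CalledAddress : 0x753F4327
API name : kernel32.VirtualProtect""",
    "comment:2": r"""Application Name: C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
Execution flow simulation check failed:
PID : 0x196C/6508
CodeAddress : 009D1909
CalledAddress: 77174327
API name : kernel32.VirtualProtect""",
}

ADDRESS_FIELDS = {"codeaddress", "calledaddress"}

def parse_report(text):
    """Return {field: value}; keys are lower-cased without spaces."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        key, value = key.lower().replace(" ", ""), value.strip()
        if not sep or not value:               # header lines carry no value
            continue
        if key == "applicationname":           # the two reports name it differently
            key = "application"
        # int(..., 16) accepts the address with or without a 0x prefix
        fields[key] = int(value, 16) if key in ADDRESS_FIELDS else value
    return fields

def signature(fields):
    """Triage key. CalledAddress is left out: it differs between the reports."""
    return (basename(fields["application"]).lower(),
            fields["apiname"], fields["codeaddress"])

def group_reports(reports):
    groups = defaultdict(list)
    for name, text in reports.items():
        groups[signature(parse_report(text))].append(name)
    return dict(groups)

if __name__ == "__main__":
    for (exe, api, addr), names in group_reports(REPORTS).items():
        print(f"{exe} -> {api} from 0x{addr:08X}: {', '.join(names)}")
```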