A buffer overflow in DELE was originally reported to Bugtraq by CorryL in March 2005, for ArGoSoft FTP 1.4.2.8 (CVE-2005-0696): http://www.securityfocus.com/archive/1/392653 According to CorryL's disclosure timeline, no patch had been released by the disclosure date. So, is this a rediscovery of that older issue, for the most recent version? - Steve