Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
https://exchange.xforce.ibmcloud.com/vulnerabilities/73626
http://www.vulnerability-lab.com/get_content.php?id=462
http://www.securityfocus.com/bid/52259
http://www.flashfxp.com/forum/news/15473-flashfxp-4-2-released.html#post81101