Vulnerability Development mailing list archives
Buffer overflow in Microsoft ftp.exe
From: "aT4r InsaN3" <at4r () hotmail com>
Date: Wed, 30 Apr 2003 10:34:21 +0200
There is a buffer overflow in the raw quote command in the Microsoft Windows XP ftp.exe.

Just type: quote AAAAAAAAA....[517 chars]...AAAAAAAAAAAA

ftp.exe will crash. After several checks I was unable to exploit this vulnerability remotely, but maybe there are other bugs in the way that ftp.exe manages the buffer of server replies.

An attack scenario can be the following: a Windows workstation/server that executes commands like this one:

at /next:xxxxxx ftp -s:scriptfile

If an attacker with access to the system is able to modify the scriptfile, he can modify the script and place an evil command Quote AAAAAA..SHELLCODE... and execute code with elevated privileges.

Tested in ftp.exe v 5.1.2600.1106 WINXP SP1 Spanish version.

Fix: check file permissions with cacls.

at4r [at] 3wdesign.es Security
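
The permission check suggested as the fix above, as an added PowerShell example that is not part of the original post: it lists every account other than SYSTEM and Administrators that can modify the `ftp -s:` script file or replace it through its parent directory. The default path `C:\jobs\upload.ftp` is a hypothetical placeholder, and trusted accounts are matched by well-known SID so the check also works on localized (for example Spanish) Windows builds.

```powershell
# Added example: audit who can modify an "ftp -s:" script run by a scheduled job.
param(
    # Hypothetical path; pass the script file your scheduled task actually uses.
    [string]$ScriptFile = 'C:\jobs\upload.ftp'
)

# Well-known, locale-independent SIDs: LocalSystem and BUILTIN\Administrators.
$trusted = @('S-1-5-18', 'S-1-5-32-544')

$R = [System.Security.AccessControl.FileSystemRights]
# Rights that let a principal change the file's content, delete it or re-ACL it.
$fileMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                  $R::ChangePermissions -bor $R::TakeOwnership)
# Rights to add or remove entries in the parent directory, which allow the
# script file to be replaced even when its own ACL is tight.
$dirMask  = [int]($R::CreateFiles -bor $R::DeleteSubdirectoriesAndFiles -bor
                  $R::Delete -bor $R::ChangePermissions -bor $R::TakeOwnership)

function Get-RiskyAce {
    param([string]$Path, [int]$Mask)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # account could not be resolved
        }
        if ($trusted -notcontains $sid) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $ace.IdentityReference.Value
                Sid      = $sid
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

$findings = @(Get-RiskyAce -Path $ScriptFile -Mask $fileMask) +
            @(Get-RiskyAce -Path (Split-Path -Parent $ScriptFile) -Mask $dirMask)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Only SYSTEM and Administrators can modify $ScriptFile"
```

A non-zero exit code means at least one other account can alter the script that the scheduled job feeds to ftp.exe.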