Vendor: PCMAN FTP
By: Mahmod Mahajna
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: PCMAN FTP
Affected Version From: 02.07
Affected Version To: 02.07
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 7 sp1 x64
2014
PCMAN FTP 2.07 CWD Command Buffer Overflow
This exploit takes advantage of a buffer overflow vulnerability in the CWD command of PCMAN FTP version 2.07. By sending a specially crafted string as the argument to the CWD command, an attacker can overwrite the function with junk characters, leading to remote code execution. The exploit includes shellcode that binds a shell to port 4444.
Mitigation:
Upgrade to a patched version of PCMAN FTP or use an alternative FTP server software.