Vendor: DreamFTP
By: Marsu
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: DreamFTP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

BolinTech DreamFTP USER buffer overflow

The server does not correctly handle format strings, so sending a command like USER %1*3000 lets us own EDX. Other values can also affect EAX and ECX. This is only a PoC, but code execution is possible.

Mitigation:

Apply a patch or update the software to a non-vulnerable version.

Exploit-DB raw data: