vendor: FathFTP
by: MadjiX
CVSS: 7.5 (HIGH)
CWE: Buffer Overflow
Product Name: FathFTP
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3

FathFTP 1.8 (SEH) ActiveX Buffer Overflow

This exploit targets FathFTP version 1.8 and uses a buffer overflow in its ActiveX control to execute arbitrary code. The exploit is written in VBScript and contains shellcode that launches the Windows calculator application. It has been tested on Windows XP SP3 with Internet Explorer 6.

Mitigation:

Apply the latest security patches provided by the vendor. Disable ActiveX controls in web browsers.
Source

Exploit-DB raw data: