Vendor: i-FTP
By: metacom
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: i-FTP
Affected Version From: i.Ftp v2.20
Affected Version To: i.Ftp v2.20
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows
2014
i-FTP Buffer Overflow SEH
This exploit takes advantage of a buffer overflow vulnerability in i-FTP v2.20 that allows an attacker to execute arbitrary code. It uses a return address overwrite technique to redirect program execution flow to the attacker's shellcode. The shellcode payload used in this exploit spawns the Windows calculator. The exploit has been tested on various Windows platforms, including Windows 7 32-bit, Windows 8.1 64-bit, and Windows XP SP3.
Mitigation:
Apply the latest security patch or upgrade to a newer version of i-FTP.