vendor:
TFTP Server for Windows
by:
Mati Aharoni
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: TFTP Server for Windows
Affected Version From: V1.4 ST
Affected Version To: V1.4 ST
Patch Exists: YES
Related CWE: N/A
CPE: a:sourceforge:tftp_server
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista SP0
2006
TFTP Server for Windows V1.4 ST (0day)
A buffer overflow vulnerability exists in the TFTP Server for Windows V1.4 ST, which could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient bounds checking of user-supplied data, which can be exploited by sending a specially crafted packet to the TFTP server. Successful exploitation could result in arbitrary code execution with the privileges of the TFTP service.
Mitigation:
Upgrade to the latest version of TFTP Server for Windows V1.4 ST.