Arbitrary Code Execution Vulnerability in PlatinumFTPserver for Windows

Reported December 23, 2003 by Jan-Olivier Filiols and Philippe Oechslin.

VERSIONS AFFECTED

  • PlatinumFTPserver 1.0.18 for Windows

DESCRIPTION

  • A vulnerability in PlatinumFTPserver 1.0.18 for Windows can result in the execution of arbitrary code on the vulnerable system. The flaw is a format string vulnerability: the product passes remotely supplied FTP command arguments to a formatting function as the format string, so a remote attacker can inject format directives of their own choosing.

DEMONSTRATION

The discoverer posted the following code as proof of concept:

Examples:

user %s%s%s%s
mkdir %s%s%s%s
rename filename %s%s%s%s

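The following C program is an added example written for this page; it is not code from the advisory, from the discoverers, or from PlatinumFTP, whose source is not public here. It models the defect class the DESCRIPTION and the PoC commands above describe, and shows two things a defender wants: the hardened way to pass a client-supplied FTP argument through a printf-family function (as data behind a fixed "%s", never as the format string itself), and a small detector that counts printf-style conversion directives in an FTP command argument so that probes like the "user %s%s%s%s" lines above stand out in a command log. The function names, the threshold of two directives, and the sample command lines are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hardened logging of an FTP command argument. The client-controlled string is
 * always passed as DATA behind a fixed "%s" format. The vulnerable pattern the
 * advisory describes is the one-argument-different
 *     snprintf(out, outlen, arg);   // arg itself becomes the format string
 * which lets a client's "%s%s%s%s" drive the formatter. Returns the number of
 * characters that would have been written, exactly like snprintf. */
int format_ftp_log_line(char *out, size_t outlen, const char *cmd, const char *arg)
{
    return snprintf(out, outlen, "%s %s", cmd, arg);
}

/* Count printf-style conversion directives in a command argument.
 * "%%" is a literal percent sign and is not counted; flags, width and
 * precision between '%' and the conversion character are skipped. */
size_t count_format_directives(const char *arg)
{
    static const char conversions[] = "diouxXeEfFgGaAcspn";
    size_t n = 0;
    for (const char *p = arg; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {            /* escaped percent, e.g. "100%% done" */
            p++;
            continue;
        }
        const char *q = p + 1;        /* skip "%08x" style flags/width/precision */
        while (*q != '\0' && strchr("-+ #0123456789.*", *q))
            q++;
        if (*q != '\0' && strchr(conversions, *q)) {
            n++;
            p = q;
        }
    }
    return n;
}

/* Split one raw FTP command line ("USER alice") into verb and argument and
 * report whether the argument looks like a format string probe. Two or more
 * conversion directives in a username, path or filename is the threshold
 * assumed for this example; the PoC strings in the advisory carry four. */
bool ftp_line_is_format_probe(const char *line)
{
    const char *space = strchr(line, ' ');
    const char *arg = space ? space + 1 : "";
    return count_format_directives(arg) >= 2;
}

int main(void)
{
    /* Constructed sample input: the advisory's PoC lines plus benign traffic. */
    const char *samples[] = {
        "user %s%s%s%s",
        "mkdir %s%s%s%s",
        "rename filename %s%s%s%s",
        "user alice",
        "mkdir reports%202004",   /* percent-encoded digits, no conversion char */
    };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_ftp_log_line(line, sizeof line, "RAW", samples[i]);
        printf("%-32s %s\n", line,
               ftp_line_is_format_probe(samples[i]) ? "FORMAT-STRING PROBE" : "ok");
    }
    return 0;
}
```

Run as-is, the program labels the three PoC lines as probes and the two benign lines as ok. The counter deliberately treats "%n" as a directive, since that is the conversion a format string bug turns into a memory write, and deliberately ignores "%%" and percent-encoded paths so that ordinary URL-style names do not raise alerts.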
VENDOR RESPONSE

PlatinumFTP has been notified.

CREDIT

Discovered by Jan-Olivier Filiols and Philippe Oechslin.

TAGS: Security