Reported May 30, 2001, by SNS Research.
· Pi-Soft SpoonFTP 220.127.116.11 for Windows 2000, Windows NT, Windows Me, and Windows 9x
A Denial of Service (DoS) condition exists in Pi-Soft SpoonFTP 18.104.22.168 that can let an attacker execute arbitrary code on the server. By establishing an FTP connection to a vulnerable server and issuing the LIST or CWD command, followed by 531 bytes of data or more, an attacker can cause the server process to crash. In most cases, the computer kills the process before passing any data to the stack, but the possibility still exists for an attacker to overwrite the code’s execution instruction point (EIP) and execute the code.
Discovered by SNS Research.