Denial of Service in Pi-Soft SpoonFTP Server

Reported May 30, 2001, by SNS Research.


  • Pi-Soft SpoonFTP for Windows 2000, Windows NT, Windows Me, and Windows 9x


A denial of service (DoS) condition exists in Pi-Soft SpoonFTP that can also let an attacker execute arbitrary code on the server. By establishing an FTP connection to a vulnerable server and issuing the LIST or CWD command followed by 531 bytes of data or more, an attacker can cause the server process to crash. In most cases, the computer kills the process before passing any data to the stack, but the possibility still exists for an attacker to overwrite the extended instruction pointer (EIP) and execute arbitrary code.



The vendor, Pi-Soft Consulting, has released version to fix this vulnerability.


Discovered by SNS Research.
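
A detection check for the condition described above, as an added example that is not part of the original advisory: it reassembles the client side of an FTP control connection and flags LIST or CWD commands whose argument is 531 bytes or longer, including commands split across several reads or never terminated. The class name, the sample session and the handling of unterminated input are assumptions made for illustration.

```python
THRESHOLD = 531              # argument size given in the advisory
WATCHED = {b"LIST", b"CWD"}  # commands named in the advisory


class FtpControlInspector:
    """Reassembles one client-to-server FTP control stream (hypothetical helper)."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.buf = b""
        self.skipping = False  # True while discarding the tail of a flagged command
        self.alerts = []       # (command, argument length seen) tuples

    def _check(self, line):
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()
        if verb in WATCHED and len(arg) >= self.threshold:
            self.alerts.append((verb.decode(), len(arg)))
            return True
        return False

    def feed(self, chunk):
        """Feed raw bytes as captured; one command may span several chunks."""
        self.buf += chunk
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            if self.skipping:
                self.skipping = False  # end of the command already flagged
            else:
                self._check(line.rstrip(b"\r"))
        if self.skipping:
            self.buf = b""             # still inside the flagged command
        elif self._check(self.buf):
            # Flag an over-long command before its newline arrives, then drop it
            self.buf, self.skipping = b"", True
        return self.alerts


def demo():
    # Constructed session: normal commands, then a CWD with a 531-byte
    # argument split across three chunks, then a normal LIST.
    insp = FtpControlInspector()
    insp.feed(b"USER anonymous\r\nCWD /pub\r\nCW")
    insp.feed(b"D " + b"A" * 300)
    insp.feed(b"A" * 231 + b"\r\nLIST -l\r\n")
    return insp.alerts


if __name__ == "__main__":
    print(demo())
```

The same length check can be applied inline by a proxy or filter in front of a server that has not yet been upgraded, rejecting the command instead of recording an alert.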
