Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Buffer overflow in Microsoft ftp.exe
From: aT4r InsaN3 (at4rhotmail.com)
Date: Wed Apr 30 2003 - 03:34:21 CDT
There is a Buffer overflow in the raw quote command in the Microsoft Windows
quote AAAAAAAAA....[517 chars]...AAAAAAAAAAAA
ftp.exe will crash
after several checks i was unable to exploit this vulnerability remotely but
maybe there are other bugs in the way that ftp.exe manages the buffer of
An attack scenario can be the following:
a Windows workstation/server that executes commands like this one: at
/next:xxxxxx ftp -s:scriptfile
if an attacker with axx to the system is able to modify the scriptfile he
can modify the script and place an evil command Quote AAAAAA..SHELLCODE...
and execute code with elevated privileges.
tested in ftp.exe v 5.1.2600.1106 WINXP SP1 Spanish version
fix: check file permisions with cacls.
at4r [at] 3wdesign.es Security
Melodías, logos y mil servicios para tu teléfono en MSN Móviles.