Reported December 23, 2003 by Jan-Olivier Filiols and Philippe Oechslin.

VERSIONS AFFECTED

  • PlatinumFTPserver 1.0.18 for Windows

DESCRIPTION

  • A vulnerability in PlatinumFTPserver 1.0.18 for Windows can result in the execution of arbitrary code on the vulnerable system. The flaw exists because the product passes data supplied by a remote client to the FTP server as a format string, so format directives in that data are interpreted by the server.

DEMONSTRATION

The discoverer posted the following code as proof of concept:

Examples:

user %s%s%s%s
mkdir %s%s%s%s
rename filename %s%s%s%s
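The defect class behind this advisory, as an added example that is not code from the advisory, the discoverers or the vendor: the vulnerable logging pattern next to its one-token fix, plus a detector for probe strings like the ones above. Function names are hypothetical and all inputs are constructed; nothing here is derived from PlatinumFTPserver's source, which is not on this page.

```c
/* Added example (hypothetical names, constructed inputs); not vendor code. */
#include <stdio.h>
#include <string.h>

/* The compiler flags the defect below (-Wformat-security); silenced here only
 * so that the vulnerable pattern compiles alongside the fixed one. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* VULNERABLE: the client-supplied command line is itself the format string,
 * so any %s/%x/%n in it is interpreted. Only called here with defined input
 * ("%%"); hostile input such as "%s%s%s%s" is undefined behaviour. */
int unsafe_log_line(char *out, size_t outlen, const char *cmd) {
    return snprintf(out, outlen, cmd);
}

/* HARDENED: client data is an argument to a fixed format, never the format. */
int safe_log_line(char *out, size_t outlen, const char *cmd) {
    return snprintf(out, outlen, "%s", cmd);
}

/* 1 if the two loggers disagree on "cmd", i.e. client data was interpreted. */
int interprets_client_data(const char *cmd) {
    char a[128], b[128];
    unsafe_log_line(a, sizeof a, cmd);
    safe_log_line(b, sizeof b, cmd);
    return strcmp(a, b) != 0;
}

/* Detection: count printf directives in a client-supplied FTP argument.
 * "%%" is a literal percent and is skipped. A non-zero count on a USER, MKD
 * or RNTO argument is a cheap log-review / IDS signal for this bug class. */
int count_format_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* escaped percent, not a directive */
        n++;
    }
    return n;
}

int main(void) {
    const char *probe[] = { "user %s%s%s%s", "rename filename %s%s%s%s", "user alice" };
    for (int i = 0; i < 3; i++)
        printf("%-26s directives=%d\n", probe[i], count_format_directives(probe[i]));
    printf("unsafe logger interprets \"mkdir 100%%%%\": %d\n",
           interprets_client_data("mkdir 100%%"));
    return 0;
}
```

The "%%" probe is the only format input that is well-defined for both loggers, which is why it is used to show the interpretation difference without crashing.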

VENDOR RESPONSE

PlatinumFTP (http://www.roboshareware.com/indexplatinumftp.php) has been notified.

CREDIT

Discovered by Jan-Olivier Filiols and Philippe Oechslin.