FTP Desktop Multiple Heap Overflows







Multiple Heap Overflows in FTP Desktop





Introduction:
=============
"FTP Desktop lets you access FTP sites as if they were folders on your computer.
Now you can move your files between your hard disk and remote FTP sites with greater ease."
- Vendor's Description
   [ http://www.ftpdesktop.com ]



Note:
FTP Desktop is fully integrated into Windows Explorer, so the actual module
at fault appears as 'explorer.exe'.





Details:
========
Vulnerable systems: FTP Desktop version 3.5 (and possibly earlier versions).

Vulnerability: It is possible to cause a heap overflow in FTP Desktop,
allowing complete control of the EIP register, which can be abused for
remote arbitrary code execution. The overflow occurs in the FTP banner
and in other areas, as shown here:



FTP Banner:
-----------
(FTP Desktop connected...)
    PADDING EBP  EIP
220 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX

Username:
---------
(FTP Desktop Sends 'USER username')
    PADDING EBP  EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX

Password:
---------
(FTP Desktop Sends 'PASS password')
    PADDING EBP  EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX
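
In all three cases above the overflow is triggered by an over-long server reply line. A bounded reply parser for an FTP client, shown as an added example that is not FTP Desktop's code or the advisory author's; REPLY_TEXT_CAP, parse_ftp_reply and check_oversized_banner are hypothetical names, and the 128-byte buffer size is an assumption:

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define REPLY_TEXT_CAP 128 /* assumed size of the client's reply buffer */

enum { REPLY_OK = 0, REPLY_MALFORMED = -1, REPLY_TOO_LONG = -2 };

/* Parse one untrusted reply line ("220 text\r\n") of len bytes from the socket. */
int parse_ftp_reply(const char *line, size_t len, int *code,
                    char *text, size_t text_cap)
{
    if (!line || !code || !text || text_cap == 0)
        return REPLY_MALFORMED;
    text[0] = '\0';
    /* Ignore the trailing CR/LF when measuring the line. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;
    /* Require a three-digit code followed by ' ' or '-' (multi-line marker). */
    if (len < 4 || (line[3] != ' ' && line[3] != '-'))
        return REPLY_MALFORMED;
    for (size_t i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i]))
            return REPLY_MALFORMED;
    /* Check the length before copying; reject instead of overrunning text. */
    size_t text_len = len - 4;
    if (text_len >= text_cap)
        return REPLY_TOO_LONG;
    *code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    memcpy(text, line + 4, text_len);
    text[text_len] = '\0';
    return REPLY_OK;
}

/* Constructed input with the advisory's layout: 229 + 4 + 4 bytes after the code. */
int check_oversized_banner(void)
{
    char line[4 + 229 + 4 + 4 + 2];
    char text[REPLY_TEXT_CAP];
    int code = 0;
    memcpy(line, "220 ", 4);
    memset(line + 4, 'A', 229);
    memset(line + 233, 'B', 4);
    memset(line + 237, 'X', 4);
    memcpy(line + 241, "\r\n", 2);
    return parse_ftp_reply(line, sizeof line, &code, text, sizeof text);
}
```

A reply that does not fit is rejected outright, so the caller can drop the connection instead of processing a truncated or overrunning line.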





Vendor status:
==============
The vendor has been informed, and they are fixing this bug.
The updated version, when released, can be downloaded from:

http://www.ftpdesktop.net/download.html
[ http://www.ftpdesktop.net/download/ftpsetup.exe ]





Exploit:
========
http://www.elitehaven.net/ftpdesktop.zip

(I would like to thank Peter Winter-Smith for helping me with the exploitation.)





Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@hotmail.com

