Local Code Execution in Core FTP Server

Core FTP Server v1.2 build 505 (latest version) and possibly earlier versions, suffer from multiple buffer overflow vulnerabilities, when reading data from the config.dat file and/or Windows Registry using the lstrcpy and RegQueryValueEx functions without evaluating the size of the data based on the size of the destination buffer, which can lead to arbitrary code execution.

Read more here – https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top