Vulnerability Development mailing list archives

Re: Buffer overflow in Microsoft ftp.exe

From: "D.C. van Moolenbroek" <dc.van.moolenbroek () chello nl>
Date: Wed, 30 Apr 2003 23:49:48 +0200

"aT4r InsaN3" wrote:

if an attacker with axx to the system is able to modify the scriptfile he
can modify the script and place an evil command Quote AAAAAA..SHELLCODE...
and execute code with elevated privileges.


Yes, but since he can also use the ftp client's built-in "!" command to
execute shell commands in that case, this does not seem to be a very
realistic scenario?

Regards,

David

--
class sig{static void main(String[]s){for// D.C. van Moolenbroek
(int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL)
"Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-

Current thread:

Buffer overflow in Microsoft ftp.exe aT4r InsaN3 (Apr 30)
- Re: Buffer overflow in Microsoft ftp.exe D.C. van Moolenbroek (Apr 30)
- <Possible follow-ups>
- Re: Buffer overflow in Microsoft ftp.exe rdusek (Apr 30)