CVE-2018-25366
HighSummary
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.
Risk Assessment
This vulnerability poses a risk to systems running CuteFTP 5.0 XP, allowing local attackers to gain control over the system. Exploitation of this flaw could lead to unauthorized access to data and resources.
Recommendation
It is recommended to update CuteFTP to the latest version to mitigate this vulnerability. Additionally, restricting system access to trusted users can minimize the risk.
Original NVD description (English source)
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

