CVE Catalog

CVE-2018-25366

High
Published: Translated: NVD NIST

Summary

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

Risk Assessment

This vulnerability poses a risk to systems running CuteFTP 5.0 XP, allowing local attackers to gain control over the system. Exploitation of this flaw could lead to unauthorized access to data and resources.

Recommendation

It is recommended to update CuteFTP to the latest version to mitigate this vulnerability. Additionally, restricting system access to trusted users can minimize the risk.

Original NVD description (English source)

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS