bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/19743.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

22 lines
No EOL
1.3 KiB
Text
Raw Blame History

Cat Soft Serv-U 2.5/a/b,Windows 2000 Advanced Server/2000 Datacenter Server/2000 Professional/2000 Server/2000 Terminal Services/95/98/NT 4.0/NT Enterprise Server 4.0/NT Server 4.0/NT Terminal Server 4.0/NT Workstation 4.0 Shortcut Vulnerability
source: http://www.securityfocus.com/bid/970/info
The Windows API that handles shortcut navigation is susceptible to buffer overflow attacks. The API, "SHGetPathFromIDList" will parse a shortcut file (.lnk) to find the target file, directory or URL. A specifically malformed link will cause any program using the API to follow that shortcut to crash.
NOTE: While this vulnerability listing, as well as the exploit and the original USSR advisory only mention Serv-U FTP server, any Windows, Microsoft, or 3rd party program that uses the API could be vulnerable to this.
dserv2.5b.exe:
Executable exploit for Serv-U FTP server
dserv25b.zip:
Source code for above exploit
link.bro:
Example of a malformed shortcut file.
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19743-1.zip
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19743-2.exe
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19743-3.bro
Reference in a new issue View git blame Copy permalink