A remote attacker could execute
The File Transfer Protocol (FTP) allows a client to store
or retrieve files on a server. Win FTP Server
is marketed as a professional FTP Server featuring speed, reliability and customization.
The server incorporates various enhancements such as real-time information functionality,
WFTPSRV.exe LIST FTP Command Buffer Overflow
There exists a buffer overflow vulnerability in Win FTP Server WFTPSRV.exe.
The vulnerability is due to insufficient bounds checking on certain FTP service commands.
A remote unauthenticated attacker can exploit this vulnerability
by sending a specially crafted FTP LIST service command to the target server,
potentially causing arbitrary code injection and execution with the privileges of the affected process.
The WFTPSRV.exe LIST FTP Command Buffer Overflow vulnerability was posted to
http://www.securityfocus.com/bid/33454/ Bugtraq ID 33454.
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact