FTP Synchronizer Professional Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in FTP Synchronizer Professional versions through 4.0.73.274. This vulnerability occurs when the client connects to an FTP server and issues a LIST command, typically during synchronization previews or profile creation. The server's response, containing an excessively long filename, triggers the buffer overflow, corrupting the Structured Exception Handler (SEH) and potentially allowing for remote code execution.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for memory corruption and potential remote code execution.

Reproduction

The vulnerability can be reproduced by using an FTP server that sends back a directory listing with overly long filenames in response to a LIST command. This can be done manually or by using a custom-built FTP client fuzzer that is part of the Metasploit framework. The Metasploit module for this vulnerability automates the exploitation process by sending a crafted response that triggers the buffer overflow.