FTP Commander Pro Stack Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A local stack-based buffer overflow has been identified in FTP Commander Pro versions 8.02 and 8.03. It allows an attacker to execute arbitrary code by overwriting the EIP register through the custom command input: a crafted payload of 4108 bytes overwrites stack memory, executes shellcode, and can potentially lead to remote code execution.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.

Reproduction

To reproduce this vulnerability, open FTP Commander Pro and navigate to the 'Custom Command' option under the 'FTP - Server' menu. A textbox appears into which the crafted payload can be pasted. After the command is submitted, the application crashes with an access violation. The Exploit Database entry for this vulnerability provides a Python script that automates payload generation and exploitation.
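The bug class behind this advisory, shown as an added illustration in C rather than FTP Commander Pro's own code: a custom command copied into a fixed-size stack buffer with no length check, beside a hardened handler that rejects over-long input before copying. The buffer size (256 bytes) and the function names are assumptions; the 4108-byte input length is the one the advisory cites.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the bug class, not FTP Commander Pro's code: the
 * custom command is copied into a fixed-size stack buffer with no bound,
 * so an input longer than the buffer (the advisory cites 4108 bytes) runs
 * past it and over the saved return address (EIP). */
#define CMD_BUF_SIZE 256   /* assumed size; the real buffer size is not stated */

void send_command_unsafe(const char *user_input)
{
    char cmd[CMD_BUF_SIZE];
    strcpy(cmd, user_input);      /* no length check: stack-based overflow */
    /* ... the command would be sent from cmd here ... */
}

/* Hardened form: check the length against the destination before copying
 * and reject over-long input instead of truncating it silently. */
int send_command_safe(const char *user_input, char *out, size_t out_size)
{
    size_t len = strlen(user_input);
    if (len >= out_size)          /* one byte is reserved for the terminator */
        return -1;                /* rejected: caller shows an error */
    memcpy(out, user_input, len + 1);
    return 0;
}

/* Helper for checking the hardened handler: would a command of n bytes be
 * accepted? Builds a constructed input of n 'A' characters. */
int accepts_length(size_t n)
{
    char out[CMD_BUF_SIZE];
    char *input = malloc(n + 1);
    if (input == NULL)
        return 0;
    memset(input, 'A', n);
    input[n] = '\0';
    int ok = send_command_safe(input, out, sizeof out) == 0;
    free(input);
    return ok;
}

int main(void)
{
    printf("3-byte command: %s\n", accepts_length(3) ? "accepted" : "rejected");
    printf("4108-byte input: %s\n", accepts_length(4108) ? "accepted" : "rejected");
    return 0;
}
```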

Added: Feb 12, 2026, 11:26 PM
Updated: Feb 12, 2026, 11:26 PM

Vulnerability Rating

Custom Algorithm
spread:         2.4
impact:         7.5
exploitability: 5.0
remediation:    7.7
relevance:      3.0
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.