FreeFloat FTP Server Buffer Overflow Vulnerability in SET Command Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in FreeFloat FTP Server version 1.0. This issue arises in the SET Command Handler component, where the application improperly handles input buffer sizes, allowing for remote exploitation. The vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution on the affected system. The vulnerability has been demonstrated to work on Windows XP systems, both Service Pack 2 and 3.

Reproduction

The vulnerability can be reproduced by sending an excessive amount of data through the 'SET' command, which causes the application to crash, indicating a buffer overflow condition. After the crash, the overwritten EIP value can be extracted using a debugger, which is essential for crafting the exploit. The exploit involves redirecting execution to a JMP ESP instruction in a system DLL, after which a payload can be delivered to gain a reverse shell on the target system.
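Detection example (added here; not part of the original advisory and not FreeFloat code): a check over client-to-server FTP control-channel bytes that flags oversized command lines, and non-printable bytes in the argument of the SET verb named above. The 512-byte limit, the function and class names, and the sample traffic are assumptions; the advisory does not state the buffer size.

```python
"""Flag oversized FTP control-channel commands (added example)."""
from dataclasses import dataclass

MAX_LINE = 512          # assumed policy limit; the page gives no buffer size
WATCHED = {b"SET"}      # verb named by the advisory


@dataclass
class Finding:
    verb: str
    arg_len: int
    reason: str


def inspect_control_stream(data: bytes, max_line: int = MAX_LINE) -> list[Finding]:
    """Return findings for client->server bytes from one FTP control connection."""
    findings = []
    # Commands end with CRLF; tolerate bare LF from sloppy clients.
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    tail = lines.pop()  # bytes after the last terminator (may be empty)
    if len(tail) > max_line:
        lines.append(tail)  # unterminated oversized command: inspect it too
    for line in lines:
        if not line:
            continue
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()  # FTP verbs are case-insensitive
        reasons = []
        if len(line) > max_line:
            reasons.append("line exceeds limit")
        if verb in WATCHED and any(b < 0x20 or b > 0x7E for b in arg):
            reasons.append("non-printable bytes in argument")
        if reasons:
            findings.append(Finding(verb[:16].decode("latin-1"), len(arg), "; ".join(reasons)))
    return findings


# Constructed sample traffic (not captured from a real host).
SAMPLE = (
    b"USER anonymous\r\n"
    b"PASS guest@example.com\r\n"
    b"SET mode\r\n"
    b"set " + b"A" * 1000 + b"\r\n"
    b"QUIT\r\n"
)

if __name__ == "__main__":
    for f in inspect_control_stream(SAMPLE):
        print(f)
```

The same length limit can be enforced inline at an FTP-aware proxy or IDS so that an oversized command is dropped before it reaches the server.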

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.