Vulnerability Description
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Internet-Soft | Ftp Navigator | <= 8.03 |
Related Weaknesses (CWE)
References
- http://www.internet-soft.com/ (Product)
- https://www.exploit-db.com/exploits/47794 (Exploit, VDB Entry)
- https://www.exploit-db.com/exploits/47812 (Exploit, Third Party Advisory, VDB Entry)
- https://www.vulncheck.com/advisories/ftp-navigator-stack-overflow-seh (Third Party Advisory)
FAQ
What is CVE-2019-25321?
CVE-2019-25321 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious ...
How severe is CVE-2019-25321?
CVE-2019-25321 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-25321?
Check the references section above for vendor advisories and patch information. Affected products include: Internet-Soft Ftp Navigator.