Added: 12/08/2006
CVE: CVE-2006-6183
BID: 21301
OSVDB: 30758
3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows.
A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, specially crafted transporting mode in a GET or PUT request.
Delete the 3Com TFTP server. It is no longer supported by the vendor.
<http://www.securityfocus.com/archive/1/452754>
Exploit works on 3Com TFTP server 2.0.1.
Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003