A buffer overflow was found in the APPE command when passing (as first) a long string with slashes and/or backslashes. The exploit is clearly exploitable as overwritting EIP is quite easy but I'm too lazy...
Attached goes an (unfinished) POC.
The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind.
I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory.
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y moviles desde 1 centimo por minuto. http://es.voice.yahoo.com