Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
Published 2006-08-24 01:04:00
Updated 2017-10-19 01:29:20
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2006-4318

67.46%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2006-4318

  • Texas Imperial Software WFTPD 3.23 SIZE Overflow
    Disclosure Date: 2006-08-23
    First seen: 2020-04-26
    exploit/windows/ftp/wftpd_size
    This module exploits a buffer overflow in the SIZE verb in Texas Imperial's Software WFTPD 3.23. Authors: - MC <mc@metasploit.com>

CVSS scores for CVE-2006-4318

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.5
MEDIUM AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
NIST

Vendor statements for CVE-2006-4318

  • Texas Imperial Software 2011-01-07
    Texas Imperial Software has tested this issue against current versions of WFTPD and WFTPD Pro, and finds that versions after 3.23 are not vulnerable. Users of WFTPD or WFTPD Pro should update to the most current version in order to address this issue. The update is free to fully registered users unregistered users can download a fresh copy of the shareware version of the application.

Products affected by CVE-2006-4318

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!