CVE-2019-25321

EUVD-2019-19572
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
internet-softftp_navigator
𝑥
≤ 8.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.internet-soft.com/
https://www.exploit-db.com/exploits/47794
https://www.exploit-db.com/exploits/47812
https://www.vulncheck.com/advisories/ftp-navigator-stack-overflow-seh