Vulnerability: Local Bufferoverflow in Personal FTP-Server 8.0f(g)


Vulnerable Software

FTP-Server 8.0f(g)


Local Buffer Overflow (SEH protected)-> Code Execution

Time Line

  • 24.01.2018 Vendor informed
  • 30.01.2018 Vendor reminded
  • 12.02.2018 Software patched
  • 20.02.2018 Vulnerability Disclose


The free FTP-Server from Michael Roth Software is vulnerable to a local buffer overflow. One of the advanced options within the application didn’t have input validation which leads to code execution.