CVE-2014-125114
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| memecode | i-ftp | 2.20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow a remote or local attacker to execute arbitrary code on the affected system or cause the i-Ftp application to crash (denial of service). Successful exploitation could lead to unauthorized control over the system running i-Ftp 2.20, potentially compromising confidentiality, integrity, and availability of data and system resources. The attacker can run malicious payloads without requiring elevated privileges, but user interaction is needed to place the crafted Schedule.xml file in the application directory. [1, 2, 3, 4]
Can you explain this vulnerability to me?
CVE-2014-125114 is a stack-based buffer overflow vulnerability in i-Ftp version 2.20. It occurs due to improper handling of the 'Time' attribute within a Schedule.xml file used by the application. By placing a specially crafted Schedule.xml file with an excessively long 'Time' value in the i-Ftp directory, an attacker can trigger a buffer overflow when the application parses scheduled downloads. This overflow can lead to arbitrary code execution or cause the application to crash. The exploit targets Windows platforms and uses techniques such as Structured Exception Handler (SEH) overwrite to execute malicious payloads. [1, 2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of a specially crafted Schedule.xml file in the i-Ftp application directory, particularly looking for an excessively long 'Time' attribute value in the Schedule.xml file. Since the exploit involves a buffer overflow triggered by this attribute, inspecting the Schedule.xml file for unusually long or suspicious 'Time' values can help detect the vulnerability. There are no specific network detection commands provided, as the attack requires placing a malicious file locally. However, you can use file inspection commands such as 'findstr' on Windows or 'grep' on Unix-like systems to search for suspicious 'Time' attribute lengths in Schedule.xml files. For example, on Windows PowerShell: Get-Content Schedule.xml | Select-String -Pattern 'Time=".{600,}"' to find 'Time' attributes with 600 or more characters. On Unix-like systems: grep -Eo 'Time=".{600,}"' Schedule.xml. Additionally, monitoring for crashes or abnormal behavior in the i-Ftp application when processing Schedule.xml files may indicate exploitation attempts. [1, 2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or quarantining any Schedule.xml files with suspiciously long 'Time' attribute values from the i-Ftp application directory to prevent the buffer overflow from being triggered. Restrict access to the i-Ftp installation folder to prevent unauthorized users from placing malicious Schedule.xml files. If possible, update or patch the i-Ftp application to a version that addresses this vulnerability, although no specific patch information is provided. Additionally, avoid running i-Ftp with elevated privileges to limit the impact of potential exploitation. Monitoring and alerting on application crashes related to Schedule.xml processing can also help in early detection and response. [1, 2, 4]