CVE-2019-25321
FTP Navigator · FTP Navigator
FTP Navigator 8.03 is vulnerable to a stack-based buffer overflow via the Custom Command textbox, enabling remote code execution through the overwriting of SEH registers.
Executive summary
A critical stack-based buffer overflow vulnerability in FTP Navigator 8.03 allows attackers to execute arbitrary code and gain system-level access through malicious input in the Custom Command field.
Vulnerability
This is a stack-based buffer overflow vulnerability triggered when a long, specially crafted string is pasted into the Custom Command textbox. The flaw allows an attacker to overwrite Structured Exception Handler (SEH) registers, facilitating arbitrary code execution.
Business impact
The ability to execute arbitrary code on a workstation using FTP Navigator can lead to full system compromise. Given the CVSS score of 9.8, this vulnerability represents a critical risk where attackers could move laterally through the network, exfiltrate sensitive files, or install persistent malware.
Remediation
Immediate Action: Discontinue the use of FTP Navigator 8.03 and migrate to a modern, supported FTP client that receives regular security updates.
Proactive Monitoring: Review endpoint detection and response (EDR) logs for suspicious child processes spawned by FTP client software, such as cmd.exe or calc.exe.
Compensating Controls: Use application whitelisting to prevent unauthorized software execution and implement strict "Least Privilege" policies to limit the impact of a compromised user account.
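The Proactive Monitoring check above can be sketched as follows; this is an added example, not part of the original advisory or any vendor tooling. It assumes process-creation telemetry exported as JSON lines shaped like Sysmon Event ID 1, uses a constructed placeholder for the FTP client's executable name (the advisory does not give it), and goes one step beyond direct children by following the whole process tree under the client.

```python
import json
import ntpath

# Assumption: the page does not give the client's executable name. This is a
# constructed placeholder; substitute the name from your software inventory.
FTP_CLIENT_IMAGES = {"ftp-client-placeholder.exe"}
# cmd.exe and calc.exe are the examples the advisory names; extend as needed.
SUSPICIOUS_IMAGES = {"cmd.exe", "calc.exe"}

def base(path):
    """Lower-cased file name of a Windows path; tolerates quotes and None."""
    return ntpath.basename((path or "").strip().strip('"')).lower()

def find_suspicious_descendants(lines, clients=FTP_CLIENT_IMAGES, bad=SUSPICIOUS_IMAGES):
    """Alert on suspicious images anywhere in the process tree below an FTP client.
    `lines`: JSON records shaped like Sysmon Event ID 1, in chronological order."""
    tainted, alerts = {}, []  # tainted: ProcessGuid -> chain rooted at the client
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt records
        if not isinstance(ev, dict) or ev.get("EventID") != 1:
            continue
        image, parent = base(ev.get("Image")), base(ev.get("ParentImage"))
        if parent in clients:
            chain = [parent, image]
        elif ev.get("ParentProcessGuid") in tainted:
            chain = tainted[ev["ParentProcessGuid"]] + [image]
        else:
            continue
        if ev.get("ProcessGuid"):
            tainted[ev["ProcessGuid"]] = chain
        if image in bad:
            alerts.append({"time": ev.get("UtcTime"), "chain": " > ".join(chain),
                           "command_line": ev.get("CommandLine")})
    return alerts

def _ev(image, parent, guid, pguid, t):  # builds one constructed sample record
    return json.dumps({"EventID": 1, "UtcTime": t, "Image": image, "ParentImage": parent,
                       "ProcessGuid": guid, "ParentProcessGuid": pguid, "CommandLine": image})

SAMPLE = [  # constructed events, not real telemetry
    _ev(r"C:\Apps\ftp-client-placeholder.exe", r"C:\Windows\explorer.exe", "A", "E", "10:00:00"),
    _ev(r"C:\Windows\System32\CMD.EXE", r"C:\Apps\FTP-Client-Placeholder.exe", "B", "A", "10:00:05"),
    _ev(r"C:\Windows\System32\calc.exe", r"C:\Windows\System32\cmd.exe", "C", "B", "10:00:06"),
    _ev(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "D", "E", "10:01:00"),
    '{"EventID": 1, "Image": ',  # corrupt line, must be skipped
]
```

Calling `find_suspicious_descendants(SAMPLE)` flags the cmd.exe started by the client and the calc.exe started from that shell, while the cmd.exe launched from explorer.exe is ignored.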
Exploitation status
Public Exploit Available: false
Analyst recommendation
Legacy software like FTP Navigator 8.03 often lacks modern exploit mitigations. Organizations should prioritize the removal of this software from their environment and transition to secure, maintained alternatives to mitigate the risk of remote code execution.