Filezilla windows installer Privileges Escalation
-----------------------------------
# Exploit Title: Filezilla windows installer Privileges Escalation via unquoted path vulnerability
# Date: 08/05/2016
# Exploit Author: Cyril Vallicari
# Vendor Homepage:
# Software Link:
# Version:
# Tested on: Windows 7 x64 SP1 (but it should work on all Windows versions)
# CVE : Requested, it is being reviewed (11/08/2016)
Summary : FileZilla is a free, cross-platform FTP application
consisting of FileZilla Client and FileZilla Server. Client binaries are
available for Windows, Linux, and Mac OS X.
Description : The installer of FileZilla for Windows version and
probably prior is prone to an unquoted path vulnerability.
The unquoted command called is :
C:\Program Files\FileZilla FTP Client\uninstall.exe _?=C:\Program Files\FileZilla FTP Client
Because the path contains spaces and is not enclosed in quotes, Windows
tries each space-delimited prefix of it as the program name before it
reaches uninstall.exe.
This could potentially allow an authorized but non-privileged local user to
execute arbitrary code with elevated privileges on the system.
Put a program named "Program.exe" in C:\ (or named
Filezilla.exe/Filezilla FTP.exe in Program Files)
Then uninstall Filezilla from the installer
After clicking "Next" in the installer window, Program.exe is executed with
Administrator rights
POC video :
Patch :
Fixed in version
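
Added example (not part of the original advisory and not FileZilla code): a defender-side check that lists, for the command line reported above, the paths Windows would try before the intended executable, and builds the quoted form that removes the ambiguity. The function names and the rule "the intended image is the first prefix ending in .exe" are assumptions of this example.

```python
import ntpath

# Command line reported in the advisory above (backslashes written out).
ADVISORY_CMD = (r"C:\Program Files\FileZilla FTP Client\uninstall.exe "
                r"_?=C:\Program Files\FileZilla FTP Client")


def shadow_candidates(command_line):
    """Paths Windows would try, in order, before the intended executable
    when command_line is launched without quotes around the image path.

    Assumption of this example: the intended image is the first
    space-delimited prefix that ends in ".exe".
    """
    cmd = command_line.strip()
    if not cmd or cmd.startswith('"'):
        return []                      # quoted image path: no ambiguity
    candidates, prefix = [], ""
    for token in cmd.split(" "):
        prefix = token if not prefix else prefix + " " + token
        ext = ntpath.splitext(prefix)[1]
        if ext.lower() == ".exe":
            return candidates          # reached the intended image
        # Windows appends ".exe" when the name has no extension.
        candidates.append(prefix if ext else prefix + ".exe")
    return []                          # no .exe found: cannot classify


def quote_image(command_line):
    """Return command_line with the image path quoted (the fix)."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return cmd
    idx = cmd.lower().find(".exe")
    if idx == -1:
        return cmd
    end = idx + len(".exe")
    return '"' + cmd[:end] + '"' + cmd[end:]


if __name__ == "__main__":
    for path in shadow_candidates(ADVISORY_CMD):
        print("check ACL / existence:", path)
    print("quoted form:", quote_image(ADVISORY_CMD))
```

On an audited host, none of the returned paths should exist, and non-administrators should not be able to create them.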
