Serv-U MDTM exploit v1.11 Vulnerability exploited: NOCVE-2004-7003 - BID-9751 Category: Exploits/Remote This module exploits a buffer overflow and installs a level0 agent into the target host. Serv-U supports an FTP command, "MDTM", which is used to change a file's modification time. An internal memory buffer may be overrun while handling an malformed time zone as MDTM argument. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the serv-u process, typically administrator or system.The Serv-U server will be left inaccessible after successful exploitation. Supported Systems: Windows 2000 Advanced Server - sp3 (i386) Windows 2000 Advanced Server - sp4 (i386) Windows 2000 Server - sp0 (i386) Windows 2000 Server - sp3 (i386) Windows 2000 Server - sp4 (i386) Windows 2000 Professional - sp3 (i386) Windows 2000 Professional - sp4 (i386) Serv-U v3.1.0.3 Serv-U v4.0.0.4 Serv-U v4.1.0.0 Serv-U v4.1.0.3 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.