According to www.securityfocus.com:
WS_FTP Server is vulnerable to a buffer overflow condition when a user submits a specially crafted legitimate FTP command. WS_FTP Server by default runs as a SYSTEM service.
If a logged-in user submits a 'STAT' command along with arbitrary characters (approximately 479 bytes) to a host running WS_FTP Server, this could result in the overwriting of stack variables, including the return address, and potentially the execution of arbitrary code with SYSTEM privileges.
This vulnerability does not exist in version 2.0.4.
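
A defender-side check for the condition described above, as an added example that is not part of the quoted advisory: it scans FTP command logs for 'STAT' commands carrying oversized arguments. The log line format, the 256-byte threshold and the sample lines are assumptions constructed for illustration, not WS_FTP Server's own log format.

```python
import re

# Assumed threshold: the advisory reports the overflow at roughly 479 bytes,
# so alert well below that. 256 is an assumption; tune it to your environment.
MAX_STAT_ARG = 256

# Constructed log format (assumption): "<timestamp> <client_ip> <user> <raw command line>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_command(raw):
    """Split a raw FTP command line into (VERB, argument); FTP verbs are case-insensitive."""
    verb, _, arg = raw.rstrip("\r\n").partition(" ")
    return verb.upper(), arg


def find_oversized_stat(lines, limit=MAX_STAT_ARG):
    """Return one finding per STAT command whose argument exceeds `limit` bytes."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed format
        timestamp, client, user, raw = match.groups()
        verb, arg = parse_command(raw)
        arg_len = len(arg.encode("utf-8", errors="replace"))
        if verb == "STAT" and arg_len > limit:
            findings.append({"line": number, "timestamp": timestamp,
                             "client": client, "user": user, "arg_len": arg_len})
    return findings


# Constructed sample input (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    "2024-01-01T10:00:01 192.0.2.10 alice STAT",
    "2024-01-01T10:00:02 192.0.2.10 alice STAT /pub/readme.txt",
    "2024-01-01T10:00:09 198.51.100.7 bob stat " + "A" * 479,
    "2024-01-01T10:00:12 198.51.100.7 bob RETR " + "B" * 600,
    "malformed line",
]

if __name__ == "__main__":
    for f in find_oversized_stat(SAMPLE_LOG):
        print(f"line {f['line']}: {f['user']}@{f['client']} sent STAT "
              f"with a {f['arg_len']}-byte argument")
```

Because the advisory states that the command must come from a logged-in user, each finding carries the account name so the session can be tied back to a credential.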