Vendor: InterSoft International Inc.
Product: NetTerm
Version: 5.1.1, probably lower versions too
Vulnerability Type: Buffer Overflow
Download Link: http://www.securenetterm.com/pub/nt32511i.exe

Credits:
  Discovered by Sergio 'shadown' Alvarez, while dictating a 'Vuln-Dev on Win32 and Exploits Coding' course.

History:
  Discovered date: 21/04/2005
  Reported: 26/04/2005
  Vendor Response: 26/04/2005
  		This is a known bug that has been reported to our clients.
		Netftpd was a free addition to our NetTerm product, at the request of our clients.
		They were warned to never use netftpd as a general purpose ftp server, and to only use it behind a firewall.
		However, it does still present a potential problem, so we have removed it from the NetTerm distribution.
		Our www site at www.netterm.com and www.securenetterm.com has been updated with a version of NetTerm that does not contain the netftpd.exe program.
		We will also update the What's New page on both web sites for the new release in the next two days.
		Thanks for bringing to to our attention.	  
			Ken
  Patch Release: None
  Public Advisorie: 26/04/2005

Description:
  NetTerm is one of the most used win32 telnet client software.

Vulnerabilitie:
  NetTerm's NetFtpd 4.2.2 has a buffer overflow on authentication. I've just tested 'user' command, but probably other commands are vulnerable too.

Patch:
	None.

WorkAround:
  Don't use it.
  
PoC Exploit:
  Attached is a working exploit for Win2k, any SP.