This module exploits a vulnerability found in TFTP Server 1.4 ST. The flaw
is due to the way TFTP handles the filename parameter extracted from a WRQ request.
The server will append the user-supplied filename to TFTP server binary's path
without any bounds checking, and then attempt to check this path with a fopen().
Since this isn't a valid file path, fopen() returns null, which allows the
corrupted data to be used in a strcmp() function, causing an access violation.
Since the offset is sensitive to how the TFTP server is launched, you must know
in advance if your victim machine launched the TFTP as a 'Service' or 'Standalone'
, and then manually select your target accordingly. A successful attempt will lead
to remote code execution under the context of SYSTEM if run as a service, or
the user if run as a standalone. A failed attempt will result a denial-of-service.