CVE-1999-0256

Jgaa Warftpd < 1.66 - Buffer Overflow

Title source: rule

Exploitation Summary

EIP tracks 4 public exploits for CVE-1999-0256. PoCs published by Metasploit, including Metasploit module exploits/windows/ftp/warftpd_165_pass.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in War-FTPD 1.65 via the PASS command. It sends a maliciously crafted buffer to achieve remote code execution on Windows 2000 systems.

Description

Buffer overflow in War FTP allows remote execution of commands.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16706

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in War-FTPD 1.65 via the PASS command. It sends a maliciously crafted buffer to achieve remote code execution on Windows 2000 systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: War-FTPD 1.65

No auth needed

Prerequisites: Anonymous login enabled · Windows 2000 target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16724

View Code ZIP pw:eip

This exploit targets a buffer overflow in War-FTPD 1.65 via the USER command, allowing remote code execution. It includes multiple return addresses for different Windows versions and a structured payload delivery mechanism.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: War-FTPD 1.65

No auth needed

Prerequisites: Network access to the target FTP server · Target running War-FTPD 1.65 on a vulnerable Windows version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/warftpd_165_pass.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in War-FTPD 1.65 via the PASS command, targeting Windows 2000 systems. It sends a maliciously crafted payload to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: War-FTPD 1.65

No auth needed

Prerequisites: War-FTPD 1.65 running on Windows 2000 · Anonymous login enabled · Network access to the FTP service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/warftpd_165_user.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in War-FTPD 1.65 via the USER command, allowing remote code execution. It includes multiple targets for different Windows versions and uses a standard overflow technique with NOP sleds and a return address overwrite.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: War-FTPD 1.65

No auth needed

Prerequisites: Network access to the target FTP server · War-FTPD 1.65 running on a vulnerable Windows version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/875

Scores

EPSS 0.7242

EPSS Percentile 99.4%

Details

Status published

Products (3)

jgaa/warftpd < 1.66

microsoft/windows_95

microsoft/windows_nt

Published Feb 01, 1998

Tracked Since Feb 18, 2026