CVE-1999-1539

QVT/Net 4.3 and QVT/Term Plus 4.2d-4.3 - Buffer Overflow via Long Username or Password

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1539. PoCs published by Ussr Labs.

AI-analyzed exploit summary The exploit describes a denial of service vulnerability in QPC's QVT FTP server due to an unchecked buffer in the logon function. Sending a username/password pair longer than 2000 characters causes the server to crash on subsequent connection attempts.

Description

Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ussr Labs · textdoswindows
https://www.exploit-db.com/exploits/19619

The exploit describes a denial of service vulnerability in QPC's QVT FTP server due to an unchecked buffer in the logon function. Sending a username/password pair longer than 2000 characters causes the server to crash on subsequent connection attempts.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: QPC QVT FTP Server
No auth needed
Prerequisites: Network access to the vulnerable FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=94223972910670&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/796
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3491
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94225924803704&w=2

Scores

EPSS 0.1186
EPSS Percentile 95.6%

Details

Status published
Products (3)
qpc_software/qvt_net 4.3
qpc_software/qvt_term_plus 4.2d
qpc_software/qvt_term_plus 4.3
Published Nov 10, 1999
Tracked Since Feb 18, 2026