CVE-2001-0296

WFTPD Pro 3.00 - Remote Code Execution via Long CWD Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0296. PoCs published by Len Budney.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in WFTPD Pro 3.00 R4 via the 'RETR' or 'CWD' commands. It sends an overly long string to trigger the overflow, potentially allowing arbitrary code execution.

Description

Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Len Budney · cremotewindows

https://www.exploit-db.com/exploits/20794

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in WFTPD Pro 3.00 R4 via the 'RETR' or 'CWD' commands. It sends an overly long string to trigger the overflow, potentially allowing arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: WFTPD Pro 3.00 R4

No auth needed

Prerequisites: Network access to the target FTP server · WFTPD Pro 3.00 R4 running on Windows NT 4.0 with SP3, SP4, or SP6

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-02/0531.html

Scores

EPSS 0.0497

EPSS Percentile 91.1%

Details

Status published

Products (1)

texas_imperial_software/wftpd_pro 3.00

Published May 03, 2001

Tracked Since Feb 18, 2026