CVE-2003-0558

LeapFTP 2.7.3.600 - Buffer Overflow


Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-0558. PoCs published by Metasploit, drG4njubas, aushack, including Metasploit module exploits/windows/ftp/leapftp_pasv_reply.

AI-analyzed exploit summary: This exploit targets a buffer overflow in LeapWare LeapFTP v2.7.3.600 via an excessively long PASV reply command. It leverages SEH overwrites to achieve remote code execution on vulnerable Windows systems.

Description

Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16708

This exploit targets a buffer overflow in LeapWare LeapFTP v2.7.3.600 via an excessively long PASV reply command. It leverages SEH overwrites to achieve remote code execution on vulnerable Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LeapWare LeapFTP v2.7.3.600
No auth needed
Prerequisites: Network access to the target FTP client · Target must initiate a connection to the malicious FTP server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by drG4njubas · c · remote · windows
https://www.exploit-db.com/exploits/54

This exploit targets a buffer overflow vulnerability in LeapFTP 2.7.3.600 by sending a maliciously crafted PASV response with an overly long IP address, overwriting the Structured Exception Handler (SEH) to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LeapFTP 2.7.3.600
No auth needed
Prerequisites: Network access to the target system · LeapFTP client configured to use PASV mode
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by aushack · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/leapftp_pasv_reply.rb

This Metasploit module exploits a buffer overflow in LeapFTP v2.7.3.600 via an excessively long PASV reply command, leading to remote code execution. It uses SEH overwrites and targets multiple Windows versions with specific return addresses.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LeapWare LeapFTP v2.7.3.600
No auth needed
Prerequisites: Network access to the target FTP client · Target must initiate a connection to the malicious FTP server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Mailing List (tags: mailing-list, x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=105795219412333&w=2

Scores

EPSS 0.5646
EPSS Percentile 98.9%

Details

Status published
Products (1)
leapware/leapftp 2.7.3.600
Published Aug 18, 2003
Tracked Since Feb 18, 2026