CVE-2003-0561

IglooFTP PRO 3.8 - Remote Code Execution via Long FTP Banner or Command Response

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-0561. PoCs published by inv[at]dtors, Peter Winter-Smith, vkhoshain.

AI-analyzed exploit summary This Perl script exploits a buffer overflow vulnerability in multiple FTP clients (IglooFTP, cftp, moxftp) by sending a maliciously crafted FTP banner or directory listing. It supports both portbind and connect-back shellcode for remote code execution.

Description

Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by inv[at]dtors · perlremotefreebsd
https://www.exploit-db.com/exploits/22891

This Perl script exploits a buffer overflow vulnerability in multiple FTP clients (IglooFTP, cftp, moxftp) by sending a maliciously crafted FTP banner or directory listing. It supports both portbind and connect-back shellcode for remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IglooFTP 0.6.1, cftp 0.12, moxftp/mftp 2.2
No auth needed
Prerequisites: Network access to target FTP client · Perl environment to run the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Peter Winter-Smith · textremotewindows
https://www.exploit-db.com/exploits/22872

The provided text is a vulnerability writeup for CVE-2003-0561, describing multiple buffer overflow vulnerabilities in IglooFTP PRO for Windows. It lacks actual exploit code but references a binary exploit available via a GitLab link.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: IglooFTP PRO version 3.8
No auth needed
Prerequisites: Network access to the vulnerable IglooFTP PRO service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by vkhoshain · cremotewindows
https://www.exploit-db.com/exploits/22871

This exploit targets a buffer overflow vulnerability in IglooFTP PRO 3.8 by sending a crafted response to an FTP client connection, triggering arbitrary code execution (notepad.exe) via shellcode. The exploit sets up a malicious FTP server on port 21 to deliver the payload.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IglooFTP PRO 3.8
No auth needed
Prerequisites: Network access to the target · Target must initiate an FTP connection to the attacker's server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105769805311484&w=2

Scores

EPSS 0.0379
EPSS Percentile 88.6%

Details

Status published
Products (1)
iglooftp/iglooftp_pro 3.8
Published Aug 18, 2003
Tracked Since Feb 18, 2026