CVE-2003-1260

CuteFTP 5.0 - Remote Code Execution via Long LIST Command Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1260. PoCs published by snooq.

AI-analyzed exploit summary This exploit is a fake FTP server that triggers a buffer overflow in CuteFTP 5.0 by sending an overly long response to the LIST command. It includes shellcode to execute 'notepad.exe' as a proof-of-concept payload.

Description

Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by snooq · perlremotewindows

https://www.exploit-db.com/exploits/22184

View Code ZIP pw:eip

This exploit is a fake FTP server that triggers a buffer overflow in CuteFTP 5.0 by sending an overly long response to the LIST command. It includes shellcode to execute 'notepad.exe' as a proof-of-concept payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CuteFTP 5.0 (including build 51.1.23.1)

No auth needed

Prerequisites: Victim must connect to the malicious FTP server · CuteFTP 5.0 must be used by the victim

MITRE ATT&CK