CVE-2004-1118

WodFtpDLX ActiveX Component < 2.3.2.97 - Buffer Overflow via Long Filename

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1118. PoCs published by Komrade.

AI-analyzed exploit summary This exploit creates a fake FTP server to trigger a buffer overflow in CoffeeCup FTP clients, spawning a reverse shell on port 5555. It supports both local and remote execution, targeting specific versions of CoffeeCup Direct FTP and Free FTP.

Description

Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Komrade · cremotewindows

https://www.exploit-db.com/exploits/650

View Code ZIP pw:eip

This exploit creates a fake FTP server to trigger a buffer overflow in CoffeeCup FTP clients, spawning a reverse shell on port 5555. It supports both local and remote execution, targeting specific versions of CoffeeCup Direct FTP and Free FTP.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CoffeeCup Direct FTP 6.2.0.62, CoffeeCup Free FTP 3.0.0.10

No auth needed

Prerequisites: Network access to target · Target must connect to the fake FTP server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Komrade · cdoswindows

https://www.exploit-db.com/exploits/649