CVE-2004-1135

WS_FTP Server 5.03 2004.10.14 - Denial of Service via Long SITE, XMKD, MKD, or RNFR Commands

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1135. PoCs published by Metasploit, NoPh0BiA, et, including Metasploit module exploits/windows/ftp/wsftp_server_503_mkd.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in the MKD command of WS-FTP Server 5.03. It leverages a stack-based overflow to execute arbitrary payloads, with a specific return address in libeay32.dll.

Description

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16719

This is a Metasploit module exploiting a buffer overflow in the MKD command of WS-FTP Server 5.03. It leverages a stack-based overflow to execute arbitrary payloads, with a specific return address in libeay32.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WS-FTP Server 5.03
Auth required
Prerequisites: Network access to the FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by NoPh0BiA · cdoswindows
https://www.exploit-db.com/exploits/664

This exploit targets a buffer overflow vulnerability in Ipswitch WS_FTP Server. It sends a maliciously crafted MKD command with a long string to overflow the buffer, overwrite the return address, and execute shellcode to spawn a reverse shell on port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ipswitch WS_FTP Server (likely versions prior to patches for CVE-2004-1135)
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by et · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb

This Metasploit module exploits a buffer overflow in WS-FTP Server 5.03 via the MKD command, allowing remote code execution. It uses a known return address in libeay32.dll to bypass DEP and execute payloads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WS-FTP Server 5.03
Auth required
Prerequisites: Network access to WS-FTP Server 5.03 · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110177654524819&w=2
Various Sources x_refsource_misc
http://www.securiteam.com/exploits/6D00L2KBPG.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18296

Scores

EPSS 0.4964
EPSS Percentile 98.7%

Details

Status published
Products (1)
ipswitch/ws_ftp_server 5.03
Published Jan 10, 2005
Tracked Since Feb 18, 2026