Description
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16712
metasploit
WORKING POC
GOOD
by aushack · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/dreamftp_format.rb
Scores
EPSS
0.5556
EPSS Percentile
98.1%
Details
Status
published
Products (1)
bolintech/dream_ftp_server
1.02
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026