CVE-2004-2074

Dream FTP 1.02 - Denial of Service via Format String in PASS or RETR Commands

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-2074. PoCs were published by Metasploit, Skylined, and aushack, including the Metasploit module exploits/windows/ftp/dreamftp_format.

AI-analyzed exploit summary: This Metasploit module exploits a format string vulnerability in BolinTech Dream FTP Server 1.02, allowing remote code execution via a crafted payload sent to the FTP service on port 21.

Description

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16712

This Metasploit module exploits a format string vulnerability in BolinTech Dream FTP Server 1.02, allowing remote code execution via a crafted payload sent to the FTP service on port 21.

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BolinTech Dream FTP Server 1.02
No auth needed
Prerequisites: Network access to the target FTP server · Target running BolinTech Dream FTP Server 1.02
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Skylined · c · remote · windows
https://www.exploit-db.com/exploits/823

This exploit targets a format string vulnerability in Dream FTP v1.2, leveraging a shellcode payload to bind a shell on port 28876. It manipulates the SEH handler to redirect execution to the shellcode.

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Dream FTP v1.2
No auth needed
Prerequisites: Network access to the target FTP server · Dream FTP v1.2 running on the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by aushack · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/dreamftp_format.rb

This Metasploit module exploits a format string vulnerability in BolinTech Dream FTP Server 1.02, allowing remote code execution via a crafted payload sent to the FTP service on port 21. The exploit leverages a format string overflow to overwrite memory and execute arbitrary code.

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BolinTech Dream FTP Server v1.02
No auth needed
Prerequisites: Network access to the target FTP server · Target running BolinTech Dream FTP Server v1.02
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15380
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009295
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9800

Scores

EPSS: 0.3578
EPSS Percentile: 98.3%

Details

Status: published
Products (1): bolintech/dream_ftp_server 1.02
Published: Dec 31, 2004
Tracked Since: Feb 18, 2026