CVE-2006-3952

EFS Software Easy File Sharing FTP Server 2.0 - Stack-Based Buffer Overflow via PASS Command

Exploitation Summary

EIP tracks 5 public exploits for CVE-2006-3952. PoCs published by superkojiman, Metasploit, Winny Thomas, including Metasploit module exploits/windows/ftp/easyfilesharing_pass.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in Easy File Sharing FTP Server 3.5 by sending an overly long password during authentication. It leverages a pop/pop/retn address from SSLEAY32.DLL for reliable SEH exploitation and executes a calc.exe shellcode payload.

Description

Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Exploits (5)

exploitdb WORKING POC VERIFIED
by superkojiman · python · remote · windows
https://www.exploit-db.com/exploits/33538

This exploit targets a stack buffer overflow in Easy File Sharing FTP Server 3.5 by sending an overly long password during authentication. It leverages a pop/pop/retn address from SSLEAY32.DLL for reliable SEH exploitation and executes a calc.exe shellcode payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Easy File Sharing FTP Server 3.5
No auth needed
Prerequisites: Network access to the FTP server · FTP server version 3.5 with SSLEAY32.DLL present
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16742

This is a Metasploit module exploiting a stack buffer overflow in Easy File Sharing FTP Server 2.0 via an overly long password during authentication. It achieves remote code execution by overwriting the return address with a target-specific address.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Easy File Sharing FTP Server 2.0
No auth needed
Prerequisites: Network access to the FTP service · Anonymous authentication enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Winny Thomas · python · remote · windows
https://www.exploit-db.com/exploits/3579

This exploit targets a buffer overflow vulnerability in Easy File Sharing FTP Server 2.0, delivering a bind shell on TCP port 4444. It leverages a crafted PASS command to trigger the overflow and execute shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Easy File Sharing FTP Server 2.0
No auth needed
Prerequisites: Network access to the target FTP server · FTP server running Easy File Sharing 2.0
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by h07 · python · remote · windows
https://www.exploit-db.com/exploits/2234

This exploit targets a buffer overflow vulnerability in Easy File Sharing FTP Server 2.0 via the PASS command. It sends a crafted payload with NOP sleds, shellcode (executes calc.exe), and a controlled EIP to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Easy File Sharing FTP Server 2.0
No auth needed
Prerequisites: Network access to the FTP server · FTP server running Easy File Sharing 2.0
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyfilesharing_pass.rb

This Metasploit module exploits a stack buffer overflow in Easy File Sharing FTP Server 2.0 by sending an overly long password during authentication, allowing arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Easy File Sharing FTP Server 2.0
No auth needed
Prerequisites: Network access to the target FTP server · Anonymous authentication enabled
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28084
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3068
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21289
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19243
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/27646

Scores

EPSS 0.6633
EPSS Percentile 99.2%

Details

Status published
Products (1)
efs_software/efs_ftp_server 2.0
Published Aug 01, 2006
Tracked Since Feb 18, 2026