CVE-2007-1645

FutureSoft TFTP Server 2000 - Remote Code Execution via Long UDP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1645. PoCs published by Umesh Wanve.

AI-analyzed exploit summary This exploit targets a SEH overwrite vulnerability in FutureSoft TFTP Server 2000 via a crafted UDP packet. It uses a bind shell payload to open port 5555 on the victim machine.

Description

Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Umesh Wanve · perlremotewindows

https://www.exploit-db.com/exploits/3541

View Code ZIP pw:eip

This exploit targets a SEH overwrite vulnerability in FutureSoft TFTP Server 2000 via a crafted UDP packet. It uses a bind shell payload to open port 5555 on the victim machine.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FutureSoft TFTP Server 2000

No auth needed

Prerequisites: Network access to the target's TFTP port (UDP 69) · Target running Windows 2000 SP4 with vulnerable TFTP server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33188

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3541

Scores

EPSS 0.1312

EPSS Percentile 95.9%

Details

Status published

Products (1)

futuresoft/tftp_server_2000

Published Mar 24, 2007

Tracked Since Feb 18, 2026