CVE-2008-1724

SecureTransport Server <4.6.1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-1724. PoCs published by Metasploit, Patrick Webster, including Metasploit module exploits/windows/browser/tumbleweed_filetransfer.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in the Tumbleweed FileTransfer ActiveX control (vcst_eu.dll 1.0.0.5) via an overly long string in the TransferFile() function's 'remotefile' parameter. It delivers a payload via an HTTP server hosting a malicious HTML page with embedded JavaScript.

Description

Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16563

This Metasploit module exploits a stack buffer overflow in the Tumbleweed FileTransfer ActiveX control (vcst_eu.dll 1.0.0.5) via an overly long string in the TransferFile() function's 'remotefile' parameter. It delivers a payload via an HTTP server hosting a malicious HTML page with embedded JavaScript.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Tumbleweed SecureTransport FileTransfer Module (vcst_eu.dll 1.0.0.5)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed and enabled · Target must visit the attacker-controlled web page
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Patrick Webster · htmlremotewindows
https://www.exploit-db.com/exploits/5398

This exploit demonstrates a buffer overflow vulnerability in Tumbleweed SecureTransport FileTransfer ActiveX Control (vcst_en.dll). The PoC triggers a stack overflow via the 'remoteFile' parameter in the TransferFile method, leading to remote code execution under the context of the current user.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Tumbleweed SecureTransport FileTransfer ActiveX Control vcst_en.dll 1.0.0.5
No auth needed
Prerequisites: Victim must visit a malicious page or open a malicious HTML email · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/tumbleweed_filetransfer.rb

This Metasploit module exploits a stack buffer overflow in the Tumbleweed FileTransfer ActiveX control (vcst_eu.dll) by sending an overly long string to the TransferFile() function, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Tumbleweed SecureTransport vcst_eu.dll (1.0.0.5)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490536/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29717
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3806
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41692
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1165/references
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5398
Various Sources x_refsource_misc
http://www.aushack.com/200708-tumbleweed.txt
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28662

Scores

EPSS 0.3513
EPSS Percentile 98.2%

Details

CWE
CWE-119
Status published
Products (1)
tumbleweed/securetransport_server_app < 4.6.1
Published Apr 11, 2008
Tracked Since Feb 18, 2026