CVE-2008-4321

FlashGet FTP 1.9 - Remote Code Execution via Long PWD Response

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-4321. PoCs published by Guido Landi, SkOd, h07.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Flash9f.ocx on Windows XP systems via an FTP server interaction. It bypasses SafeSEH and executes a calc.exe payload using a Metasploit-generated shellcode.

Description

Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Guido Landi · perlremotewindows
https://www.exploit-db.com/exploits/6256

This exploit targets a buffer overflow vulnerability in Flash9f.ocx on Windows XP systems via an FTP server interaction. It bypasses SafeSEH and executes a calc.exe payload using a Metasploit-generated shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Flash9f.ocx (Windows XP SP1/SP2/SP3)
No auth needed
Prerequisites: Perl environment · Network access to target · Vulnerable Flash9f.ocx version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SkOd · perlremotewindows
https://www.exploit-db.com/exploits/6248

This exploit targets a stack-based buffer overflow in FlashGet 1.9.0.1012 via an FTP PWD response. It uses SEH overwrite techniques to execute a calc.exe payload, demonstrating remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FlashGet 1.9.0.1012
No auth needed
Prerequisites: Network access to target · Victim must connect to attacker-controlled FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by h07 · pythondoswindows
https://www.exploit-db.com/exploits/6240

This exploit demonstrates a remote buffer overflow in FlashGet 1.9 via a maliciously crafted FTP PWD response. The PoC sends an oversized directory path (332 'A' characters) to trigger an SEH overwrite, leading to a crash (EIP=41414141).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: FlashGet 1.9
Auth required
Prerequisites: Network access to target · Target using FlashGet 1.9 as FTP client · Target initiates FTP connection to attacker-controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6256
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30685
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44443
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31481
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6240
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4327
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2381
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6248

Scores

EPSS 0.0574
EPSS Percentile 92.1%

Details

CWE
CWE-119
Status published
Products (1)
flashget/flashget_ftp 1.9
Published Sep 29, 2008
Tracked Since Feb 18, 2026