CVE-2008-5753

BulletProof FTP Client <2.63 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5753. PoCs published by His0k4, Gabor Seljan.

AI-analyzed exploit summary: This exploit demonstrates a local heap overflow vulnerability in BulletProof FTP Client v2.63 (Build 56) by crafting a malicious bookmark file. The PoC generates a 'sites.txt' file with an overly long FTP URL to trigger the overflow, potentially allowing arbitrary code execution.

Description

Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.

Exploits (2)

exploitdb WORKING POC VERIFIED
by His0k4 · python · dos · windows
https://www.exploit-db.com/exploits/7571

This exploit demonstrates a local heap overflow vulnerability in BulletProof FTP Client v2.63 (Build 56) by crafting a malicious bookmark file. The PoC generates a 'sites.txt' file with an overly long FTP URL to trigger the overflow, potentially allowing arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: BulletProof FTP Client v2.63 (Build 56)
No auth needed
Prerequisites: Ability to write a file to the target system · User interaction to import and run the malicious bookmark file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Gabor Seljan · python · local · windows
https://www.exploit-db.com/exploits/37056

This exploit leverages a buffer overflow vulnerability in BulletProof FTP Client 2010 to achieve remote code execution via SEH overwrite and ROP chain. It includes an egghunter and shellcode to spawn calc.exe.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: BulletProof FTP Client 2010.75.0.76
No auth needed
Prerequisites: Target must be running BulletProof FTP Client 2010.75.0.76 on Windows XP SP3 English
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7571
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50968
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33322
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33007
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/565580
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37056/
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4835

Scores

EPSS 0.0747
EPSS Percentile 93.7%

Details

CWE
CWE-119
Status published
Products (1)
bpftp/bulletproof_ftp_client 2.63
Published Dec 30, 2008
Tracked Since Feb 18, 2026