CVE-2010-20007

HIGH

Seagull FTP Client <= v3.3 Build 409 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-20007. PoCs are published by Metasploit, including the Metasploit module exploits/windows/ftp/seagull_list_reply.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in Seagull FTP v3.3 build 409 by sending a maliciously crafted response to a LIST command, overwriting a structured exception handler. It uses a JMP ESP instruction from shell32.dll to redirect execution to the payload.

Description

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. At the time of disclosure, this product line was discontinued and users were advised to use BlueZone Secure FTP instead.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16705

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Seagull FTP v3.3 build 409
No auth needed
Prerequisites: Network access to the target FTP client · Target must initiate a LIST command
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/seagull_list_reply.rb

This Metasploit module exploits a stack buffer overflow in Seagull FTP v3.3 Build 409 via an overly long file/folder name in a LIST command response, overwriting a structured exception handler to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Seagull FTP v3.3 Build 409
No auth needed
Prerequisites: Network access to the target FTP client · Target must initiate a LIST command
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 8.5
CVSS v4 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0048
EPSS Percentile: 37.2%

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-121
Status: published
Products (1): Rocket Software/Seagull FTP Client < 3.3 Build 409
Published: Aug 21, 2025
Tracked Since: Feb 18, 2026