CVE-2011-10005

MEDIUM

EasyFTP 1.7.0.2 - Buffer Overflow via MKD Command Handler

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-10005. PoCs published by b33f, including Metasploit module exploits/windows/ftp/easyftp_mkd_fixret.

AI-analyzed exploit summary This exploit targets a post-authentication buffer overflow in Easy~Ftp Server v1.7.0.2. It uses a crafted MKD command with a payload containing shellcode and an egghunter to achieve remote code execution.

Description

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.

Exploits (2)

exploitdb WORKING POC VERIFIED

by b33f · pythonremotewindows

https://www.exploit-db.com/exploits/17354

View Code ZIP pw:eip

This exploit targets a post-authentication buffer overflow in Easy~Ftp Server v1.7.0.2. It uses a crafted MKD command with a payload containing shellcode and an egghunter to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy~Ftp Server v1.7.0.2

Auth required

Prerequisites: Network access to the target FTP server · Valid credentials for authentication

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server via the MKD command, using a 'fixRet' technique to inject a larger payload into a small buffer. It targets multiple versions of EasyFTP Server (1.7.0.2 to 1.7.0.11) and achieves remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EasyFTP Server <= 1.7.0.11

Auth required

Prerequisites: Network access to the FTP service · Valid credentials with directory creation privileges

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory vdb-entry

https://vuldb.com/?id.250716

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.250716

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/17354

Scores

CVSS v3 6.3

EPSS 0.0351

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

easyftp_server_project/easyftp_server 1.7.0.2

Published Jan 16, 2024

Tracked Since Feb 18, 2026