CVE-2011-5164

AbsoluteFTP 1.9.6-2.2.10 - Remote Code Execution via LIST Command Response

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-5164. PoCs published by Node, including Metasploit module exploits/windows/ftp/absolute_ftp_list_bof.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in AbsoluteFTP versions 1.9.6 to 2.2.10 via the LIST command. It uses ROP gadgets from MFC42.DLL to bypass DEP and execute arbitrary code.

Description

Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Node · rubyremotewindows

https://www.exploit-db.com/exploits/18102

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in AbsoluteFTP versions 1.9.6 to 2.2.10 via the LIST command. It uses ROP gadgets from MFC42.DLL to bypass DEP and execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AbsoluteFTP 1.9.6 - 2.2.10

No auth needed

Prerequisites: Network access to the target FTP server · Target running a vulnerable version of AbsoluteFTP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Node · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in AbsoluteFTP via the LIST command, using ROP gadgets to bypass DEP and execute arbitrary code. It targets multiple versions of AbsoluteFTP on Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AbsoluteFTP 1.9.6 - 2.2.10.252

No auth needed

Prerequisites: Network access to the target FTP client · Target must connect to a malicious FTP server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18102

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/46781

Various Sources x_refsource_misc

http://www.saintcorporation.com/cgi-bin/exploit_info/vandyke_absoluteftp_list_client_overflow

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/77105

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/50614

Scores

EPSS 0.2858

EPSS Percentile 97.9%

Details

CWE

CWE-119

Status published

Products (14)

vandyke/absoluteftp 1.9.6

vandyke/absoluteftp 2.0.3

vandyke/absoluteftp 2.0.4

vandyke/absoluteftp 2.0.5

vandyke/absoluteftp 2.2.1

vandyke/absoluteftp 2.2.2

vandyke/absoluteftp 2.2.3

vandyke/absoluteftp 2.2.4

vandyke/absoluteftp 2.2.5

vandyke/absoluteftp 2.2.6

... and 4 more

Published Sep 15, 2012

Tracked Since Feb 18, 2026