CVE-2012-10023

CRITICAL

FreeFloat FTP Server 1.0.0 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Exploits (3)

exploitdb WORKING POC VERIFIED
by D35m0nd142 · python remote windows
https://www.exploit-db.com/exploits/23243

exploitdb WORKING POC VERIFIED
by 0v3r · python remote windows
https://www.exploit-db.com/exploits/15689

metasploit WORKING POC NORMAL
by D35m0nd142 · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/freefloatftp_user.rb

Scores

CVSS v3 9.8
EPSS 0.7059
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-121
Status published
Products (2)
freefloat/freefloat_ftp_server 1.0
FreeFloat/FTP Server
Published Aug 05, 2025
Tracked Since Feb 18, 2026