CVE-2012-10055

CRITICAL

ComSndFTP FTP Server <1.3.7 Beta - Code Injection


Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10055. PoCs have been published by Metasploit and demonalex, including the Metasploit module exploits/windows/ftp/comsnd_ftpd_fmtstr.

AI-analyzed exploit summary: This exploit targets a buffer overflow in ComSndFTP v1.3.7 Beta by sending a crafted username with format string specifiers to overwrite a function pointer, bypass DEP, and execute arbitrary code via ROP chains.

Description

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/19177

This exploit targets a buffer overflow in ComSndFTP v1.3.7 Beta by sending a crafted username with format string specifiers to overwrite a function pointer, bypass DEP, and execute arbitrary code via ROP chains.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: ComSndFTP v1.3.7 Beta
No auth needed
Prerequisites: Network access to the FTP server on port 21 · Target running Windows XP SP3 or Windows Server 2003
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by demonalex · perl · dos · windows
https://www.exploit-db.com/exploits/19024

This exploit demonstrates a format string vulnerability in ComSndFTP Server 1.3.7 Beta. By sending a maliciously crafted USER command with format specifiers, it triggers a denial-of-service condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ComSndFTP Server 1.3.7 Beta
No auth needed
Prerequisites: Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb

This Metasploit module exploits a format string vulnerability in ComSndFTP v1.3.7 Beta by overwriting a hardcoded function pointer in Ws2_32.dll!WSACleanup, bypassing DEP, and executing arbitrary code via a crafted USER command.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: ComSndFTP v1.3.7 Beta
No auth needed
Prerequisites: Network access to the FTP server on port 21 · Target running Windows XP SP3 or Windows Server 2003
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 9.3
EPSS: 0.7259
EPSS Percentile: 98.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-134
Status: published
Products (1): ComSndFTP/FTP Server 1.3.7 Beta
Published: Aug 13, 2025
Tracked Since: Feb 18, 2026