CVE-2012-5002

Ricoh DC Software DL-10 <4.5.0.1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-5002. PoCs published by Metasploit, Julien Ahrens, sinn3r, including Metasploit module exploits/windows/ftp/ricoh_dl_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Ricoh DC DL-10 SR10 FTP service via a long USER command, allowing remote code execution. It includes a payload delivery mechanism and targets Windows XP SP3 with a specific return address in msvcrt.dll.

Description

Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18658

This Metasploit module exploits a stack-based buffer overflow in Ricoh DC DL-10 SR10 FTP service via a long USER command, allowing remote code execution. It includes a payload delivery mechanism and targets Windows XP SP3 with a specific return address in msvcrt.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ricoh DC DL-10 SR10 FTP Server 1.0
No auth needed
Prerequisites: FTP service must be running · Server must be configured with a log file name
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
pythondoswindows
https://www.exploit-db.com/exploits/18643

This exploit demonstrates a remote buffer overflow vulnerability in Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6. It sends a malformed USER command with a crafted payload to trigger the overflow, potentially leading to remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6
No auth needed
Prerequisites: Network access to the target FTP server · FTP service running on the target
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Julien Ahrens, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/ricoh_dl_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Ricoh DC DL-10 SR10 FTP service via a maliciously crafted USER command. It achieves remote code execution by overwriting the return address with a PUSH ESP; RETN instruction from msvcrt.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ricoh DC DL-10 SR10 FTP Server 1.0
No auth needed
Prerequisites: Network access to the FTP service · FTP service configured with a log file name
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit x_refsource_misc
http://security.inshell.net/advisory/5
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73591
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47912
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52235
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/79691

Scores

EPSS 0.3116
EPSS Percentile 98.0%

Details

CWE
CWE-119
Status published
Products (2)
ricoh/dl-10 4.5.0.1
ricoh/sr10_ftp_server 1.1.0.6
Published Sep 19, 2012
Tracked Since Feb 18, 2026