CVE-2013-10042

CRITICAL

freeFTPd <= 1.0.10 - Stack-based Buffer Overflow via FTP PASS Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10042. PoCs published by Wireghoul, including Metasploit module exploits/windows/ftp/freeftpd_pass.

AI-analyzed exploit summary: This exploit targets an SEH buffer overflow in freeFTPd 1.0.10 during anonymous authentication. It uses an egghunter and shellcode to spawn a command shell via a crafted PASS command.

Description

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
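The two public PoCs produce a distinctive control-channel shape: a login (the anonymous account in both) followed by a PASS argument that is hundreds of bytes long and carries raw shellcode. The hunting script below is an added example, not code from either PoC and not from freeFTPd; it runs over a constructed session (the banner text, the thresholds MAX_PASS_LEN and MIN_PADDING_RUN, and the filler bytes in EVIL_PASS are assumptions, not values taken from the advisory or the exploits) and flags PASS arguments by length, non-printable content and long runs of one byte.

```python
"""
Control-channel hunting for the CVE-2013-10042 traffic shape: a login (the
public PoCs use the anonymous account) followed by a PASS argument that is
far longer than any real password and carries raw shellcode bytes.
Added example with constructed sample data; thresholds are assumptions.
"""

MAX_PASS_LEN = 128         # assumption: legitimate passwords are far shorter
MIN_PADDING_RUN = 64       # assumption: 64+ identical bytes reads as filler/sled
ANON_USERS = (b"anonymous", b"ftp")


def parse_command(line: bytes):
    """Split one client line into (VERB, argument); the argument keeps raw bytes."""
    line = line.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    return verb.upper(), arg


def longest_run(data: bytes) -> int:
    """Longest run of one repeated byte value, e.g. the 'A' * n padding a PoC sends."""
    best = cur = 0
    prev = None
    for b in data:
        cur = cur + 1 if b == prev else 1
        prev = b
        if cur > best:
            best = cur
    return best


def score_pass(arg: bytes) -> list:
    """Reasons (possibly none) a PASS argument looks like an overflow attempt."""
    reasons = []
    if len(arg) > MAX_PASS_LEN:
        reasons.append(f"length {len(arg)} exceeds {MAX_PASS_LEN}")
    nonprint = sum(1 for b in arg if b < 0x20 or b > 0x7E)
    if nonprint:
        reasons.append(f"{nonprint} non-printable bytes (shellcode-like)")
    run = longest_run(arg)
    if run >= MIN_PADDING_RUN:
        reasons.append(f"run of {run} identical bytes (padding/NOP sled)")
    return reasons


def analyze_session(session) -> list:
    """
    session: list of (direction, raw_line) with direction "C" (client->server)
    or "S" (server->client). Returns one finding dict per suspicious PASS,
    recording which USER preceded it so anonymous logins can be prioritised.
    """
    user = b""
    findings = []
    for idx, (direction, line) in enumerate(session):
        if direction != "C":
            continue
        verb, arg = parse_command(line)
        if verb == b"USER":
            user = arg.strip().lower()
        elif verb == b"PASS":
            reasons = score_pass(arg)
            if reasons:
                findings.append({
                    "index": idx,
                    "user": user.decode("latin-1"),
                    "anonymous": user in ANON_USERS,
                    "pass_len": len(arg),
                    "reasons": reasons,
                })
    return findings


# Constructed sessions (not captures): a PoC-shaped login vs. an ordinary one.
EVIL_PASS = b"A" * 800 + b"\xeb\x06\x90\x90" + bytes(range(1, 200))
ATTACK_SESSION = [
    ("S", b"220 FTP service ready\r\n"),       # placeholder banner text
    ("C", b"USER anonymous\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS " + EVIL_PASS + b"\r\n"),
]
BENIGN_SESSION = [
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS correct horse battery staple\r\n"),
]

if __name__ == "__main__":
    for name, sess in (("attack", ATTACK_SESSION), ("benign", BENIGN_SESSION)):
        print(name, analyze_session(sess))
```

The length check alone is enough to catch the published PoCs; the non-printable and repeated-byte checks are there so a lowered threshold does not fire on long passphrases. Feed it lines reconstructed from a packet capture or from an FTP proxy log, and treat a hit where "anonymous" is true as the highest priority, since that is the configuration the advisory says exploitation requires.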

Exploits (2)

exploitdb WORKING POC VERIFIED
by Wireghoul · perl · remote · windows
https://www.exploit-db.com/exploits/27747

This exploit targets an SEH buffer overflow in freeFTPd 1.0.10 during anonymous authentication. It uses an egghunter and shellcode to spawn a command shell via a crafted PASS command.

Classification
Working Poc 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: freeFTPd 1.0.10
No auth needed
Prerequisites: Network access to the target FTP service · Anonymous authentication enabled
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC NORMAL
by Wireghoul · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/freeftpd_pass.rb

This Metasploit module exploits a buffer overflow in freeFTPd 1.0.10 and below via a maliciously crafted PASS command, allowing remote code execution. The exploit leverages a known return address and payload encoding to bypass bad characters.

Classification
Working Poc 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: freeFTPd 1.0.10 and below
No auth needed
Prerequisites: Network access to the target FTP service · Anonymous authentication enabled
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3.1 9.8
EPSS 0.7590
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-121 (Stack-based Buffer Overflow)
Status published
Products (2)
freeftpd/freeftpd < 1.0.10
freeFTPd/freeFTPd < 1.0.10
Published Jul 31, 2025
Tracked Since Feb 18, 2026