CVE-2017-15222

CRITICAL

nftp < 2.0 - Remote Code Execution via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2017-15222. PoCs published by Metasploit, Berk Cem Göksel, Uday Mittal, including Metasploit module exploits/windows/ftp/ayukov_nftp.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Ayukov NFTPD FTP Client 2.0 and earlier by sending an overly long response to the SYST request, potentially leading to remote code execution. The exploit uses a crafted payload with bad character avoidance and a specific return address for Windows XP SP3.

Description

Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/43448

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Ayukov NFTPD FTP Client 2.0 and earlier by sending an overly long response to the SYST request, potentially leading to remote code execution. The exploit uses a crafted payload with bad character avoidance and a specific return address for Windows XP SP3.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ayukov NFTPD FTP Client <= 2.0

No auth needed

Prerequisites: Target must connect to attacker-controlled FTP server · Vulnerable version of Ayukov NFTPD FTP Client

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Berk Cem Göksel · pythonremotewindows

https://www.exploit-db.com/exploits/43025

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Ayukov NFTP FTP Client (CVE-2017-15222) by sending a maliciously crafted buffer to trigger arbitrary code execution. The PoC includes shellcode to spawn calc.exe and leverages a call ESP instruction to redirect execution flow.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ayukov NFTP FTP Client v1.71, v1.72, v1.8, v2.0

No auth needed

Prerequisites: Network access to the target FTP client · Target must connect to the malicious FTP server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Uday Mittal · pythonlocalwindows_x86

https://www.exploit-db.com/exploits/46070

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Ayukov NFTP FTP Client 2.0. It sends a crafted payload to trigger a buffer overflow, overwriting the EIP and executing shellcode for a bind shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ayukov NFTP FTP Client below 2.0

No auth needed

Prerequisites: Network access to the target FTP client · Target software must be running on Windows XP SP3 or similar vulnerable environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Berk Cem Goksel, Daniel Teixeira, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/ayukov_nftp.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Ayukov NFTPD FTP Client 2.0 and earlier by sending a maliciously crafted SYST response. It achieves remote code execution under the context of the user by overflowing the buffer with a payload and return address.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ayukov NFTPD FTP Client 2.0 and earlier

No auth needed

Prerequisites: Network access to the target FTP client · Target must initiate connection to attacker-controlled FTP server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43448/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43025/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46070/

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101602

Scores

CVSS v3 9.8

EPSS 0.6033

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

nftp_project/nftp < 2.0

Published Oct 24, 2017

Tracked Since Feb 18, 2026