CVE-2017-18047

CRITICAL

LabF nfsAxe 3.7 - Buffer Overflow via Long FTP Reply

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2017-18047. PoCs published by Metasploit, Tulpa, wetw0rk, including Metasploit module exploits/windows/ftp/labf_nfsaxe.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in LabF nfsAxe 3.7 FTP Client via a malicious FTP server response, leading to remote code execution. It uses an egghunter and SEH overwrite to achieve reliability.

Description

Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/43518

This Metasploit module exploits a stack-based buffer overflow in LabF nfsAxe 3.7 FTP Client via a malicious FTP server response, leading to remote code execution. It uses an egghunter and SEH overwrite to achieve reliability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LabF nfsAxe 3.7 FTP Client
No auth needed
Prerequisites: Attacker-controlled FTP server · Target must connect to the malicious server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Tulpa · pythonremotewindows
https://www.exploit-db.com/exploits/42011

This exploit targets a buffer overflow vulnerability in LabF nfsAxe 3.7 FTP Client via SEH overwrite. It uses an egghunter and shellcode to achieve remote code execution on Windows Vista x86.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LabF nfsAxe 3.7 FTP Client
No auth needed
Prerequisites: Network access to target · FTP client connecting to malicious server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by wetw0rk · pythonremotewindows
https://www.exploit-db.com/exploits/43236

This exploit targets a buffer overflow vulnerability in LabF nfsAxe 3.7 FTP client, bypassing DEP via a ROP chain to achieve remote code execution. It sends a crafted payload to overwrite the SEH record and execute shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: LabF nfsAxe 3.7
No auth needed
Prerequisites: Network access to the target · Target must connect to the malicious FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Tulpa, Daniel Teixeira · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/labf_nfsaxe.rb

This Metasploit module exploits a stack buffer overflow in LabF nfsAxe 3.7 FTP Client via a malicious FTP server response, leading to remote code execution. It uses an egghunter and SEH overwrite to achieve reliability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LabF nfsAxe 3.7 FTP Client
No auth needed
Prerequisites: Attacker-controlled FTP server · Target connects to the malicious server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43236/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43518/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42011/

Scores

CVSS v3 9.8
EPSS 0.2008
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
labf/nfsaxe 3.7
Published Jan 22, 2018
Tracked Since Feb 18, 2026