CVE-2018-25254

CRITICAL

NICO-FTP 3.0.1.19 Buffer Overflow SEH

Title source: cna

Description

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Abdullah Alıç · python · local · windows_x86
https://www.exploit-db.com/exploits/45442

Scores

CVSS v3 9.8
EPSS 0.0023
EPSS Percentile 46.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
nico-ftp/NICO-FTP 3.0.1.19
Published Apr 04, 2026
Tracked Since Apr 04, 2026