CVE-2020-37029

HIGH

FTPDummy 4.80 - Local Buffer Overflow via Preference File Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37029. PoCs published by Felipe Winsnes.

AI-analyzed exploit summary This exploit leverages a local buffer overflow in FTPDummy 4.80 via a crafted 'ftpdummypref3.dat' file to achieve arbitrary code execution (calc.exe) by overwriting SEH. The payload is generated using msfvenom and targets Windows 7 x86.

Description

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.

Exploits (1)

exploitdb WORKING POC
by Felipe Winsnes · pythonlocalwindows
https://www.exploit-db.com/exploits/48685

This exploit leverages a local buffer overflow in FTPDummy 4.80 via a crafted 'ftpdummypref3.dat' file to achieve arbitrary code execution (calc.exe) by overwriting SEH. The payload is generated using msfvenom and targets Windows 7 x86.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FTPDummy! 4.80
No auth needed
Prerequisites: Local access to the target system · Ability to place a file in 'C:\Program Files\FTPDummy!\' · Target application must be opened by the user
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48685

Scores

CVSS v3 8.4
EPSS 0.0016
EPSS Percentile 5.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Published Jan 30, 2026
Tracked Since Feb 18, 2026