EIP-2026-119116

PRE-CVE

Sasser Worm ftpd - Remote Buffer Overflow (port 5554)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119116. PoCs published by mandragore.

AI-analyzed exploit summary This is a functional exploit for the Sasser worm's FTP server vulnerability (EIP-2026-142089), leveraging SEH pointer overwriting to achieve remote code execution. It includes shellcode for both bind and reverse shells, targeting multiple Windows versions with specific memory addresses.

Description

Sasser Worm ftpd - Remote Buffer Overflow (port 5554)

Exploits (1)

exploitdb WORKING POC VERIFIED

by mandragore · cremotewindows

https://www.exploit-db.com/exploits/297

View Code ZIP pw:eip

This is a functional exploit for the Sasser worm's FTP server vulnerability (EIP-2026-142089), leveraging SEH pointer overwriting to achieve remote code execution. It includes shellcode for both bind and reverse shells, targeting multiple Windows versions with specific memory addresses.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sasser worm FTP server (variants a-e)

No auth needed

Prerequisites: Network access to the vulnerable FTP server · Knowledge of the target OS version for correct memory addresses

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026