CVE-2001-1112 in EFTP

Summary

by MITRE

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.

Analysis

by VulDB Data Team • 09/29/2025

The vulnerability identified as CVE-2001-1112 represents a critical buffer overflow flaw within EFTP version 2.0.7.337, a file transfer protocol implementation that was widely used in enterprise environments during the early 2000s. This security weakness specifically manifests when the application processes .lnk files, which are Windows shortcut files containing metadata about file locations and execution parameters. The buffer overflow occurs due to inadequate input validation and bounds checking within the file parsing routine that handles these shortcut files, creating a scenario where maliciously crafted input can exceed the allocated buffer space and overwrite adjacent memory regions.

The vulnerability stems from the application's failure to validate the length of data contained within .lnk file headers during parsing. When a .lnk file with an excessive number of characters in its metadata fields is uploaded to the EFTP server, the internal buffer allocated for processing this data overflows. Remote attackers can exploit this overflow to overwrite critical memory locations, including return addresses and function pointers, and so redirect program execution flow. The vulnerability is particularly dangerous because it enables arbitrary code execution without requiring authentication, making it a prime target for automated exploitation tools and malicious actors seeking to compromise systems.

The operational impact of CVE-2001-1112 extends beyond simple remote code execution, as it can be leveraged to establish persistent access to affected systems and potentially escalate privileges within the network. Attackers can craft malicious .lnk files that, when processed by the vulnerable EFTP service, will execute shellcode or payload code with the privileges of the running service account. This can lead to complete system compromise, data exfiltration, and lateral movement within the network infrastructure. The vulnerability's remote exploitability means that attackers can target systems from anywhere on the internet without requiring physical access or local network presence, significantly increasing the attack surface and potential damage scope.

Organizations affected by this vulnerability should implement immediate mitigations including patching the EFTP software to the latest available version that contains proper input validation and buffer management. The CWE (Common Weakness Enumeration) classification for this vulnerability aligns with CWE-121, which describes heap-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite memory. Additionally, this vulnerability maps to ATT&CK technique T1059.007 for command and scripting interpreter, as the successful exploitation enables attackers to execute arbitrary commands on compromised systems. Network segmentation should be implemented to limit access to EFTP services, and file upload restrictions should be enforced to prevent .lnk file uploads. Regular security assessments and vulnerability scanning should be conducted to identify other potential buffer overflow vulnerabilities in legacy applications that may not have received proper security updates.
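The upload restriction recommended above can be sketched as a pre-write check for an FTP front end or wrapper. This is an added example, not EFTP or VulDB code: the function names and the place where such a check would be hooked in are assumptions, and the sample inputs are constructed. It blocks the .lnk extension as Win32 would resolve the name, and also flags shell link content stored under another extension.

```python
import ntpath
import struct

# MS-SHLLINK ShellLinkHeader: HeaderSize (0x4C) followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex(
    "0114020000000000c000000000000046")
BLOCKED_EXTENSIONS = (".lnk",)


def effective_name(upload_path: str) -> str:
    """Return the file name as Win32 would resolve it, lower-cased."""
    name = ntpath.basename(upload_path.replace("/", "\\"))
    name = name.split(":", 1)[0]        # drop an NTFS stream suffix (::$DATA)
    return name.rstrip(". ").lower()    # Win32 strips trailing dots and spaces


def upload_verdict(upload_path: str, first_bytes: bytes) -> str:
    """Decide whether an upload (hypothetical STOR hook) may be written."""
    name = effective_name(upload_path)
    if not name:
        return "reject: empty file name"
    # endswith() also catches a file named just ".lnk", which splitext()
    # would report as having no extension.
    if name.endswith(BLOCKED_EXTENSIONS):
        return "reject: .lnk extension"
    if first_bytes.startswith(LNK_MAGIC):
        return "reject: shell link content"
    return "allow"


if __name__ == "__main__":
    # Constructed sample uploads: (requested path, first bytes of the body).
    samples = [
        ("pub/notes.txt", b"meeting notes"),
        ("pub/Shortcut.LNK", b"A" * 64),
        ("pub/shortcut.lnk. ", b""),
        ("pub/shortcut.lnk::$DATA", b""),
        ("pub/readme.txt", LNK_MAGIC + b"\x00" * 56),
    ]
    for path, head in samples:
        print(f"{path!r:30} -> {upload_verdict(path, head)}")
```

A check like this only narrows exposure on a server that cannot be updated; it does not remove the overflow in the parsing routine.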

Disclosure: 09/12/2001
Moderation: accepted
Entry: VDB-17357
CPE: ready
Exploit: Download
EPSS: 0.05386
KEV: no
Activities: very low
