CVE-2012-10055 in FTP Serverinfo

Zusammenfassung

von MITRE • 14.08.2025

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

11.08.2025

Veröffentlichung

14.08.2025

Moderieren

akzeptiert

Eintrag

VDB-320055

CPE

bereit

CWE

CWE-134 (bestätigt)

Exploit

Download

CVSS

7.3 (VulDB)

EPSS

0.58949

KEV

nein

Aktivitäten

very low

Sektor

Insurance, Energy, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-10055
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-10055
CVE Details	https://www.cvedetails.com/cve/CVE-2012-10055/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!