CVE-2012-10035

Published: Aug 5, 2025Modified: Aug 7, 2025

10.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (5)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/turboftp_port.rb

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/22161

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/turbo-ftp-server-port-command-buffer-overflow

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/turboftp_port.rb

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.exploit-db.com/exploits/22161

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.