CVE-2004-1118
Published 2005-01-10
Priority: P339, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.18% (94.2th percentile)
Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weonlydo | wodftpdlx_activex_component | — | — |
No detection rules found.
Exploit-DB
wodFtpDLX Client - ActiveX Control Buffer Overflow Crash
exploitdb·2004-11-22
---
/************************************************************************************
WodFtpDLX Client ActiveX Control Buffer Overflow Crash Exploit
created by Komrade
e-mail: unsecure(at)altervista(dot)org
web: http://unsecure.altervista.org
Tested on WodFtpDLX.ocx versions 2.3.2.90 - 2.3.0.0 - 2.2.0.1
on a Windows XP Professional sp2 operating system.
This exploit creates a fake FTP server on your machine, waiting for the
connection of an application that uses the WodFtpDLX.ocx ActiveX Control.
After the exploit is sent the application will crash, trying to access
to a bad memory address: 0xDEADCODE.
This exploit can be executed locally or remotely.
Usage: wodftpcrash [-l] [-r server IP]
Options:
-l executed locally
-r s
Exploit-DB
CoffeeCup FTP Clients (Direct 6.2.0.62) (Free 3.0.0.10) - Remote Buffer Overflow
exploitdb·2004-11-22
---
/*************************************************************************************
CoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit
created by Komrade
e-mail: unsecure(at)altervista(dot)org
web: http://unsecure.altervista.org
Tested on:
CoffeeCup Direct FTP 6.2.0.62
CoffeeCup Free FTP 3.0.0.10
on a Windows XP Professional sp2 operating system.
This exploit creates a fake FTP server on your machine, waiting for the
connection of an FTP client.
After the exploit is sent a shell (command prompt) is spawn on port 5555
of the target machine.
This exploit works locally or remotely.
Usage: coffecupbof [direct | free] [-l] [-r server IP]
Options:
direct | free "direct" to exploit a CoffeeCup
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029243.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029244.html
http://marc.info/?l=bugtraq&m=110114233323417&w=2
http://www.securityfocus.com/bid/11721
https://exchange.xforce.ibmcloud.com/vulnerabilities/18190