CVE-2005-1812
published 2005-06-01


Priority: P261 · critical · CVSS 2.0: 10
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 62.92% (99.1th percentile)
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.

Affected (1 range)

Vendor: futuresoft
Product: tftp_server_2000
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

port: UDP/69
other: ws2help.dll RET 0x75022ac4 (Windows 2000 Pro English ALL)
other: ws2help.dll RET 0x71aa32ad (Windows XP Pro SP0/SP1 English)
other: ws2help.dll RET 0x776a1799 (Windows NT SP5/SP6a English)
other: PEB RET 0x7ffc0638 (Windows 2003 Server English)
bytes: \x00\x01 + 14 bytes filename + \x00 + 167 bytes transfer-mode overflow with SEH overwrite at offset 157
  • Detect exploit attempts by monitoring UDP port 69 for TFTP RRQ packets (opcode \x00\x01) where the transfer-mode field (second null-terminated string) exceeds normal length — overflow triggers at ~157 bytes into the mode field where SEH/EIP are overwritten.
  • Flag UDP/69 TFTP RRQ packets whose total payload length exceeds ~200 bytes; normal TFTP RRQ packets are short (filename + mode string only).
  • Look for TFTP RRQ packets containing a NOP sled (\x90 sequences) following the mode-string field, indicative of shellcode delivery.
  • The vulnerability is only exploitable on Windows 2000 Professional; Windows 2000 Server could not trigger the overflow — scope detection efforts accordingly.
  • The CVE-2007-1645 NVD entry notes possible overlap with CVE-2006-4781 and CVE-2005-1812; ensure deduplication when correlating alerts across these CVEs.
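
The checks in the list above, as an added example (not code from this page or its sources): a field-level inspector for UDP/69 request payloads. It goes beyond the RRQ-only wording to cover WRQ and the filename field, which the CVE description also names. The function name, the finding labels and every threshold except the ~200-byte payload figure are assumptions, and the sample payloads are constructed filler bytes.

```python
import struct

KNOWN_MODES = {b"netascii", b"octet", b"mail"}  # RFC 1350 transfer modes
MAX_MODE_LEN = 8         # length of "netascii", the longest RFC 1350 mode
MAX_FILENAME_LEN = 128   # assumption: local policy limit, tune per site
MAX_PAYLOAD = 200        # total-length heuristic quoted in the list above
NOP_RUN = b"\x90" * 8    # assumption: shortest 0x90 run worth flagging

def inspect_tftp_request(payload: bytes) -> list[str]:
    """Return findings for one UDP/69 datagram payload; [] means nothing flagged."""
    if len(payload) < 2:
        return []
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (1, 2):          # 1 = RRQ, 2 = WRQ; ignore DATA/ACK/ERROR
        return []
    # Body is filename NUL mode NUL [option NUL value NUL ...] (RFC 1350/2347).
    fields = payload[2:].split(b"\x00")
    filename = fields[0]
    mode = fields[1] if len(fields) > 1 else b""
    findings = []
    if len(fields) < 3:               # filename or mode has no terminating NUL
        findings.append("unterminated-field")
    if len(filename) > MAX_FILENAME_LEN:
        findings.append("filename-too-long")
    if len(mode) > MAX_MODE_LEN:
        findings.append("mode-too-long")
    elif mode.lower() not in KNOWN_MODES:
        findings.append("unknown-mode")
    if len(payload) > MAX_PAYLOAD:
        findings.append("oversized-payload")
    if NOP_RUN in payload:
        findings.append("nop-run")
    return findings

# Constructed sample payloads (filler bytes only, no captured traffic).
SAMPLES = {
    "benign_rrq": b"\x00\x01boot.img\x00octet\x00",
    "rrq_with_option": b"\x00\x01boot.img\x00OCTET\x00blksize\x001428\x00",
    "long_mode_rrq": b"\x00\x01" + b"A" * 14 + b"\x00" + b"B" * 167,
    "long_name_wrq": b"\x00\x02" + b"C" * 300 + b"\x00octet\x00",
    "nop_run_rrq": b"\x00\x01a.txt\x00octet\x00" + b"\x90" * 16,
    "data_packet": b"\x00\x03\x00\x01" + b"\x90" * 32,
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} len={len(pkt):3} {inspect_tftp_request(pkt)}")
```

The constructed `long_mode_rrq` sample follows the byte layout listed above and is 184 bytes long, so it stays under the 200-byte total-length threshold; the per-field mode check is what flags it.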