CVE-2010-20107
published 2025-08-21


Priority: P3 · 50 · high · CVSS 4.0 base score: 8.5
CVSS 4.0 vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (E, CR, IR, AR, MAV, MAC, MAT, MPR, MUI, MVC, MVI, MVA, MSC, MSI, MSA, S, AU, R, V, RE, U: X, not defined)
Exploit: available
EPSS: 0.48% (37.5th percentile)
A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command—typically during sync preview or profile creation—the server’s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.

Affected (1 range)

Vendor: liuxz_software · Product: ftp_synchronizer_professional · Version range: <= 4.0.73.274 · Fixed in: (none listed)

Detection & IOCs (extracted from sources)

Version: FTP Synchronizer Professional <= 4.0.73.274
  • The overflow is triggered specifically during sync preview or new sync profile creation when the client issues a LIST command — focus monitoring on those workflow stages.
  • The exploit overwrites a Structured Exception Handler (SEH) record and triggers an access violation — look for SEH-chain corruption events in FTP Synchronizer Professional processes.
  • A Metasploit module exists for this vulnerability (exploits/windows/ftp/ftpsynch_list_reply); presence of this module path in logs or memory may indicate active exploitation attempts.
  • Only FTP Synchronizer Professional versions up to and including 4.0.73.274 on Windows are confirmed affected; the Metasploit module targets this exact version.
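As an added defensive example (not code from the advisory, the vendor, or the Metasploit project): a Python check that a client, proxy, or log-replay tool could run over a raw LIST reply to flag entries whose filename is far longer than any legitimate filesystem allows, which is the server-controlled input this advisory describes. The 255-byte threshold and the Unix `ls -l` reply layout are assumptions.

```python
import re

# Unix-style "ls -l" line as returned by many FTP servers in reply to LIST:
# permissions, link count, owner, group, size, month, day, time-or-year, name.
_LIST_RE = re.compile(
    r"^(?P<perm>[-dlcbps][rwxsStT-]{9})\s+\d+\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
    r"(?P<date>\w{3}\s+\d{1,2}\s+[\d:]{4,5})\s+(?P<name>.+)$"
)

# Assumed threshold: common filesystems cap a filename at 255 bytes, so a
# longer name in a LIST reply is not something a client should buffer blindly.
MAX_NAME_LEN = 255


def check_list_reply(reply_text, max_name_len=MAX_NAME_LEN):
    """Scan a raw LIST reply and return (line_no, reason, length) for every
    entry a client should refuse to parse."""
    findings = []
    for line_no, line in enumerate(reply_text.splitlines(), start=1):
        if not line.strip():
            continue
        m = _LIST_RE.match(line)
        if m is None:
            # Unparseable entry: an oversized one is still treated as hostile.
            if len(line) > max_name_len:
                findings.append((line_no, "unparseable oversized entry", len(line)))
            continue
        name = m.group("name")
        if len(name) > max_name_len:
            findings.append((line_no, "filename exceeds limit", len(name)))
    return findings


# Constructed sample reply: two benign entries and one oversized filename of
# the kind the advisory describes.
SAMPLE_REPLY = "\n".join([
    "drwxr-xr-x   2 ftp      ftp          4096 Jan 01 12:00 pub",
    "-rw-r--r--   1 ftp      ftp          1024 Jan 01 12:00 readme.txt",
    "-rw-r--r--   1 ftp      ftp             0 Jan 01 12:00 " + "A" * 1200,
])

if __name__ == "__main__":
    for line_no, reason, length in check_list_reply(SAMPLE_REPLY):
        print(f"line {line_no}: {reason} ({length} bytes)")
```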