CVE-2010-20108
published 2025-08-21CVE-2010-20108: FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and…
PriorityP351high8.4CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.48%
37.5th percentile
FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ftppad | ftppad_ftp_client | <= 1.2.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Payload is located at EDX+5c and ESI+5c offsets; a register pivot/sniper technique is required to redirect execution to shellcode. ↗
- →The overflow is triggered server-side via a crafted FTP LIST response containing an excessively long directory and filename, overwriting the saved EIP — monitor FTP LIST responses with abnormally large directory/filename fields directed at FTPPad clients. ↗
- ·This is a client-side exploit triggered by a malicious FTP server response; the attacker must control or impersonate an FTP server that the victim FTPPad client connects to. ↗
- ·A Metasploit module exists for this vulnerability (modules/exploits/windows/ftp/ftppad_list_reply.rb), indicating it is weaponized and readily exploitable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rbhttps://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/https://www.chip.de/downloads/FTPPad_12993921.htmlhttps://www.exploit-db.com/exploits/16726https://www.vulncheck.com/advisories/ftppad-stack-buffer-overflowhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rbhttps://www.exploit-db.com/exploits/16726
2025-08-21
Published