CVE-2012-10035
Published 2025-08-05
Priority P269 · critical · 10 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.98% (57.7th percentile)
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| turbosoft_inc | turboftp_server | — | — |
| turbosoft_inc | turboftp_server | — | — |
Detection & IOCs
- Monitor for unauthenticated FTP PORT command payloads with anomalously large or malformed arguments targeting Turbo FTP Server, which may indicate a buffer overflow exploitation attempt.
- Alert on Turbo FTP Server processes spawning unexpected child processes or executing code at SYSTEM privilege level, consistent with post-exploitation activity following a PORT command overflow.
- The vulnerability is exploitable pre-authentication, meaning no valid FTP credentials are required to trigger the overflow; network-level controls blocking unauthenticated FTP access are a critical mitigation layer.
- Both versions 1.30.823 and 1.30.826 are confirmed vulnerable; detection and patching efforts must account for both version strings.
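
One way to implement the first check above, as an added example that is not taken from this page or its sources: it validates each PORT argument against the RFC 959 form `h1,h2,h3,h4,p1,p2` and records whether the session had logged in. The `(session, direction, line)` event format, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# RFC 959 PORT argument: six comma-separated decimal byte values h1,h2,h3,h4,p1,p2
PORT_ARG = re.compile(r"\d{1,3}(,\d{1,3}){5}")
MAX_ARG_LEN = len("255,255,255,255,255,255")  # longest well-formed argument (23 chars)

def check_port_arg(arg):
    """Return None for a well-formed PORT argument, otherwise a reason string."""
    if len(arg) > MAX_ARG_LEN:
        return f"oversized argument ({len(arg)} chars)"
    if not PORT_ARG.fullmatch(arg):
        return "malformed argument"
    if any(int(n) > 255 for n in arg.split(",")):
        return "field out of range"
    return None

def scan(events):
    """events: iterable of (session, direction, line), direction 'C' (client) or 'S' (server).
    Assumed format for this example. Returns a list of (session, reason, authenticated)."""
    authed, alerts = set(), []
    for session, direction, line in events:
        if direction == "S" and line.startswith("230"):
            authed.add(session)  # reply 230: user logged in
        elif direction == "C" and line[:4].upper() == "PORT":
            reason = check_port_arg(line[4:].strip())
            if reason:
                alerts.append((session, reason, session in authed))
    return alerts

# Constructed sample events (not captured traffic)
SAMPLE = [
    ("s1", "C", "USER alice"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS example"),
    ("s1", "S", "230 Logged in"),
    ("s1", "C", "PORT 192,168,1,20,19,137"),   # well-formed, authenticated
    ("s2", "C", "PORT " + "1," * 200 + "1"),   # far longer than any valid argument
    ("s3", "C", "PORT 10,0,0,300,4,1"),        # field above 255
    ("s3", "C", "port 10,0,0,5,4"),            # only five fields
]

if __name__ == "__main__":
    for session, reason, authenticated in scan(SAMPLE):
        state = "authenticated" if authenticated else "pre-auth"
        print(f"{session}: PORT {reason} ({state})")
```
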
No detection rules found.
No writeups or analysis indexed.
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/turboftp_port.rb
- https://www.exploit-db.com/exploits/22161
- https://www.vulncheck.com/advisories/turbo-ftp-server-port-command-buffer-overflow
Published: 2025-08-05