CVE-2012-10055 – F-Secure ComSndFTP Format String Vulnerability

CVE ID : CVE-2012-10055

Published : Aug. 13, 2025, 9:15 p.m. | 1 hour, 18 minutes ago

Description : ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…