VYPR
Critical severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2012-10055

CVE-2012-10055

Description

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.