CVEs-PoC/2012/CVE-2012-10035.md

### [CVE-2012-10035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-10035)
![](https://img.shields.io/static/v1?label=Product&message=TurboFTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.30.823%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.30.826%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brightgreen)

### Description

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.

### POC

#### Reference
- https://www.exploit-db.com/exploits/22161
- https://www.vulncheck.com/advisories/turbo-ftp-server-port-command-buffer-overflow

#### Github
No PoCs found on GitHub currently.