ByteOS Network

CVE Vulnerability Details :

CVE-2025-34107

PUBLISHED

More Info Official Page

Assigner-VulnCheck

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-15 Jul, 2025 | 13:11

Updated At-15 Jul, 2025 | 13:43

▼CVE Numbering Authority (CNA)

WinaXe 7.7 FTP Client Remote Buffer Overflow

A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.

Affected Products

Vendor

LabF

Product

WinaXe FTP Client

Modules

WCMDPA10.dll

Platforms

Windows

Default Status

unknown

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121 Stack-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Impacts

CAPEC ID	Description
CAPEC-100	CAPEC-100 Overflow Buffers

Credits

finder

hyp3rlinx

References

Hyperlink	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/winaxe_server_ready.rb	exploit
http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt	third-party-advisory exploit
https://www.exploit-db.com/exploits/40767	exploit
https://www.vulncheck.com/advisories/wina-xe-ftp-client-remote-buffer-overflow	third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References