CVE-2004-0313
Published 2004-11-23
Priority: P3 · 51 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 63.61% (99.1th percentile)
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| psoproxy | psoproxy_server | — | — |
Detection & IOCs (extracted from sources)
- Detect exploit by checking for HTTP requests to PSOProxy (default port 8080) with a payload body exceeding 1024 bytes, which is the known overflow offset.
- Banner-check for vulnerable PSOProxy version: server banner matches /PSO Proxy 0\.9/ — use this for active scanning/detection.
- Monitor for unexpected outbound connections or listening shells on ports 9191, 28876, and 4444 following inbound HTTP traffic to port 8080 — these are the backdoor/bind-shell ports used by known exploits.
- The Metasploit module uses payload bad characters \x00\x0a\x0d\x20 — HTTP requests to PSOProxy containing long alphanumeric strings (1024+ bytes) with a 4-byte return address appended should be flagged.
- Known return addresses used in exploits targeting PSOProxy 0.91 across Windows platforms: 0x75023112, 0x74fa3112, 0x74fd3112 (ws2help.dll call ecx), 0x71aa396d, 0x71aa3de3 (ws2help.dll call ecx), 0x77D615B9 (USER32.DLL jmp esp), 0x77D4643D (USER32.DLL JMP ESP).
- PSOProxy listens on TCP port 8080 by default; exploits target this port. Ensure network monitoring covers this non-standard HTTP port.
- The Metasploit module uses EXITFUNC=thread and a StackAdjustment of -3500, meaning the shellcode execution does not terminate the process — the service may remain running post-exploitation, making crash-based detection unreliable.
- Overflow offset is 1024 bytes; the buffer size used in exploits ranges from 1530 to 3000 bytes. Detection rules should trigger on HTTP request bodies or method strings significantly exceeding 1024 bytes sent to PSOProxy.
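The checks listed above, sketched as detection logic. This is an added example, not code from any of the indexed sources: it flags a request line whose method or target exceeds the 1024-byte offset (the two vectors in the CVE description) and raises severity when the same server then appears on one of the listed shell ports. The event dictionary layout, the 60-second window and the sample events are assumptions.

```python
import re

# Values below are taken from this page; the event format is an assumption.
OVERFLOW_OFFSET = 1024                  # overflow offset in bytes
PSOPROXY_PORT = 8080                    # default PSOProxy listener
FOLLOWUP_PORTS = {9191, 28876, 4444}    # shell ports named for known exploits
BANNER_RE = re.compile(rb"PSO Proxy 0\.9")

def banner_is_vulnerable(banner: bytes) -> bool:
    """True when a server banner matches the PSOProxy 0.9x pattern."""
    return bool(BANNER_RE.search(banner))

def oversized_fields(raw: bytes) -> list:
    """Name the request-line fields (method, target) longer than the offset."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    method, _, rest = line.partition(b" ")
    target = rest.rsplit(b" HTTP/", 1)[0]
    return [name for name, value in (("method", method), ("target", target))
            if len(value) > OVERFLOW_OFFSET]

def correlate(events, window=60):
    """Alert on oversized requests to port 8080; raise severity when the same
    server is then seen on a follow-up port within `window` seconds."""
    alerts = []
    for e in events:
        if e["dport"] != PSOPROXY_PORT:
            continue
        fields = oversized_fields(e.get("raw", b""))
        if not fields:
            continue
        followups = sorted({f["dport"] for f in events
                            if f["dport"] in FOLLOWUP_PORTS
                            and e["dst"] in (f["src"], f["dst"])
                            and 0 <= f["ts"] - e["ts"] <= window})
        alerts.append({"server": e["dst"], "client": e["src"], "fields": fields,
                       "followup_ports": followups,
                       "severity": "high" if followups else "medium"})
    return alerts

# Constructed sample events (documentation addresses, filler bytes only).
SAMPLE_EVENTS = [
    {"ts": 0, "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 8080,
     "raw": b"GET /index.html HTTP/1.0\r\n\r\n"},
    {"ts": 100, "src": "198.51.100.9", "dst": "192.0.2.10", "dport": 8080,
     "raw": b"GET /" + b"A" * 1500 + b" HTTP/1.0\r\n\r\n"},
    {"ts": 105, "src": "198.51.100.9", "dst": "192.0.2.10", "dport": 9191},
    {"ts": 300, "src": "198.51.100.9", "dst": "192.0.2.11", "dport": 8080,
     "raw": b"B" * 2000 + b" / HTTP/1.0\r\n\r\n"},
]
```

Calling `correlate(SAMPLE_EVENTS)` returns two alerts: a high-severity one for the oversized target followed by a port 9191 connection, and a medium-severity one for the oversized method with no follow-up.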
No detection rules found.
Exploit-DB
PSOProxy 0.91 - Stack Buffer Overflow (Metasploit)
exploitdb·2010-05-09
---
##
# $Id: psoproxy91_overflow.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'PSO Proxy v0.91 Stack Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the PSO Proxy v0.91 web server.
If a client sends an excessively long string the stack is overwritten.
},
'Author' => 'Patrick Webster ',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2004-0313' ],
[ 'OSVDB', '4028' ],
[ 'URL', 'http://www.milw0rm.co
Exploit-DB
PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow
exploitdb·2004-02-26
---
/*
Copyright © Rosiello Security
http www rosiello org
-== Remote Exploit for PSOProxy version v0.91 ==--
Code by: rave
Contact: [email protected]
Date: Feb 2004
Bug found by: Donato Ferrante
There is a vulnerability found in the PSOProxy server.
An attacker can execute arbitrary code exploiting remotely a buffer overflow.
The exploit sends:
GET /
This spawns a bindshell on the victim at port 28876..
Usage psoproxy-exploit.exe
Target Number Target Name Stack Adress
============= =========== ===========
0 Demo 0xBADC0DED
1 Windows XP Home Edtion SP1. 0x00D2FDDA
2 Windows XP Pro Edtion SP1. 0x00EDFDDC
3 Win2k Pro Edtion. 0x00BBFDDC
psoproxy-exploit localhost 1
[+] Winsock Inalized
[+] Trying to connect to localhost:808
Exploit-DB
PSOProxy 0.91 - Remote Buffer Overflow (2)
exploitdb·2004-02-20
---
// source: https://www.securityfocus.com/bid/9706/info
It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to the insufficient boundary checking.
A malicious user may exploit this condition to potentially corrupt sensitive process memory in the affected process and ultimately execute arbitrary code with the privileges of the web server.
/*
* PSOProxy remote stack-based overflow
* by [email protected]
* Bug found by Donato Ferrante
* Spawns cmd.exe on port 9191
*
* usage: ./PSOProxy-exp -h -p -t
* Platforms supported are:
* 0 - XP SP1 FR - PSOProxy 0.91 - 0x77d615b9
*
* $./PSOProxy-exp -h 192.168.0.1 -p 8080 -t 0
* PSOProxy
* Exploit written by Li0n7
*
* [+] Connected to 192.168.0.1:8080.
*
Exploit-DB
PSOProxy 0.91 - Remote Buffer Overflow (3)
exploitdb·2004-02-20
---
// source: https://www.securityfocus.com/bid/9706/info
/*******************************************************
* PSO v0.91 Remote exploit *
* by NoRpiUs *
* *
* web: www.norpius.tk *
* email: [email protected] *
* *
*******************************************************/
#include
#ifdef WIN32
#include
#include
#define close closesocket
#else
#include
#include
#include
#include
#endif
unsigned char sh
Exploit-DB
PSOProxy 0.91 - Remote Buffer Overflow (1)
exploitdb·2004-02-20
---
// source: https://www.securityfocus.com/bid/9706/info
/*
** This is my first exploit; it deals with a flaw in the program PSOProxy v0.91
** It is a typical buffer overflow and easy to do (that is why I managed it ^^)
**
** For technical details go here: http://seclists.org/lists/bugtraq/2004/Feb/0567.html
**
** Otherwise the exploit consists of: 1. we connect to the remote PC
** 2. we send the co
Metasploit
PSO Proxy v0.91 Stack Buffer Overflow
metasploit
This module exploits a buffer overflow in the PSO Proxy v0.91 web server. If a client sends an excessively long string the stack is overwritten.
No writeups or analysis indexed.