cbcvebase.
CVE-2004-2466
published 2004-12-31

CVE-2004-2466: chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer…

PriorityP340medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
74.70%
99.4th percentile
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.

Affected

2 ranges
VendorProductVersion rangeFixed in
efs_softwareeasy_chat_server
efs_softwareeasy_chat_server

Detection & IOCsextracted from sources · hover to see the quote

  • ·The SEH overwrite offset is dependent on the installation path of Easy Chat Server; the offset of 207 only applies when installed at 'C:\Program Files\EFS Software\Easy Chat Server'. Different install paths will shift the offset.
  • ·Version 2.2 of Easy Chat Server still reports 'Easy Chat Server/1.0' in the Server HTTP header, making version fingerprinting via the header unreliable for distinguishing 1.x from 2.x.
  • ·The CVE originally covered versions 1.2 and 2.2, but was later confirmed to also affect versions up to 3.1.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.