CVE-2005-1173
published 2005-05-02CVE-2005-1173: Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.65%
94.9th percentile
Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pmsoftware | simple_web_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PMSoftware Simple Web Server - GET Remote Buffer Overflow
exploitdb·2005-04-24
CVE-2005-1173 PMSoftware Simple Web Server - GET Remote Buffer Overflow
PMSoftware Simple Web Server - GET Remote Buffer Overflow
---
/*
*
* PMSoftware Simple Web Server Buffer Overflow Exploit
* 3 targets
*
* cybertronic[at]gmx[dot]net
* 04/25/2005
* __ __ _
* _______ __/ /_ ___ _____/ /__________ ____ (_)____
* / ___/ / / / __ \/ _ \/ ___/ __/ ___/ __ \/ __ \/ / ___/
* / /__/ /_/ / /_/ / __/ / / /_/ / / /_/ / / / / / /__
* \___/\__, /_.___/\___/_/ \__/_/ \____/_/ /_/_/\___/
* /____/
*
* --[ exploit by : cybertronic - cybertronic[at]gmx[dot]net
* Usage: ./PMSoftwareSimpleWebServer_expl -h -p -l -c -t
* 0 WinXP Home SP1 GER [0x71a17bfb] [pad=213] [offset=222]
* 1 WinXP Prof SP1 GER [0x71a17bfb] [pad=216] [offset=225]
* 2 WinXP Prof SP2 GER [0x71a19372] [pad=215] [offset=224]
*
* [ cybertronic @ PM ] $ ./PMSoftwareSimpleWebServer_expl -h 192.168.2.103 -p 80 -
Exploit-DB
PMSoftware Simple Web Server 1.0 - Remote Stack Overflow
exploitdb·2005-04-20
CVE-2005-1173 PMSoftware Simple Web Server 1.0 - Remote Stack Overflow
PMSoftware Simple Web Server 1.0 - Remote Stack Overflow
---
/*
PMsoftware mini http server remote stack overflow exploit
author : c0d3r "kaveh razavi" [email protected] [email protected]
package : PMsoftware Web Server version 1.0
advisory : http://www.securiteam.com/windowsntfocus/5TP0B2KFGA.html
company address : www.pmx.it
timeline :
17 Feb 2005 : bug found by ERNW Security
18 Apr 2005 : Public Disclosure
18 Apr 2005 : crash exploit released (ERNW Security)
20 Apr 2005 : IHS exploit released , winxpsp1 & winxpsp2 target
compiled with visual c++ 6 : cl pm.c
greetz : IHSTeam members,exploit-dev mates, securiteam , str0ke-milw0rm
ihsteam.com (persian) www.ihssecurity.com (english , just started)
a big F*u to those who were/are/will trading konkoor questions-answers
(c) IHS security
No writeups or analysis indexed.
2005-05-02
Published