cbcvebase.
CVE-2007-1733
published 2007-03-28

Priority: P355
Severity: critical, CVSS 2.0 score 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.75% (95.3th percentile)
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intervations | navicopa_web_server | | |
| intervations | navicopa_web_server | | |

Detection & IOCs (extracted from sources)

url: /cgi-bin/
command: GET /cgi-bin/<900-byte overflow pattern> HTTP/1.1
  • EIP overwrite occurs at byte offset 270–274 in the overflow buffer; look for the ROP gadget address 0x1002c46f (push esp; retn) in HTTP request payloads.
  • Bad characters filtered by the exploit are \x00\x26\x3d\x0a\x0d\x25\x2b\x2e\x3f; payloads in the wild will not contain these bytes, which can help tune detection signatures.
  • The DoS variant (CVE-2007-2336) uses long HTTP requests containing '\A' characters; detect HTTP requests with repeated '\A' sequences targeting NaviCOPA.
  • The ROP gadget address 0x1002c46f is fixed for all English and German Windows targets (XP, 2000, Vista); this address may differ on other locales or OS versions not listed.
  • The EIP offset shifts by 4 bytes depending on the NaviCOPA installation path length (English offset 270, German offset 274); detection rules based on fixed offsets may miss non-English installs.
  • The exploit targets NaviCOPA 2.01 released 6th October 2006 or earlier and is explicitly noted as a different vulnerability from BID 20250.
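
The notes above can be turned into an offset-independent check on raw request bytes (for example, from a packet capture). This is an added example, not code from the page's sources; the function name, the 256-byte threshold and the sample requests are assumptions constructed for illustration.

```python
import struct

# Values from the page's detection notes.
GADGET = struct.pack("<I", 0x1002C46F)  # address as little-endian bytes on the wire
CGI_PREFIXES = (b"/cgi-bin/", b"/cgi/")
# Assumption: threshold set below the lowest reported EIP offset (270) so the
# rule does not depend on the install-path-dependent 270/274 shift.
MAX_CGI_PATH = 256


def inspect_request(raw: bytes) -> list:
    """Return the reasons a raw HTTP request matches the CVE-2007-1733 pattern."""
    reasons = []
    parts = raw.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 2 or parts[0] != b"GET":
        return reasons
    # Binary filler may contain spaces: everything between the method and a
    # trailing HTTP-version token is treated as the path.
    if len(parts) > 2 and parts[-1].startswith(b"HTTP/"):
        path = b" ".join(parts[1:-1])
    else:
        path = b" ".join(parts[1:])
    for prefix in CGI_PREFIXES:
        if path.startswith(prefix):
            tail = len(path) - len(prefix)
            if tail > MAX_CGI_PATH:
                reasons.append("long-cgi-path:%d" % tail)
            if GADGET in path:
                reasons.append("gadget-0x1002c46f")
            break
    return reasons


# Constructed samples: filler bytes only, no working payload.
BENIGN = b"GET /cgi-bin/search.pl?q=test HTTP/1.1\r\nHost: example.test\r\n\r\n"
LONG_PLAIN = b"GET /cgi/" + b"A" * 900 + b" HTTP/1.1\r\n\r\n"
LONG_GADGET = b"GET /cgi-bin/" + b"A" * 300 + GADGET + b"A" * 100 + b" HTTP/1.1\r\n\r\n"
OTHER_METHOD = b"POST /cgi-bin/" + b"A" * 900 + b" HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("long", LONG_PLAIN),
                      ("long+gadget", LONG_GADGET), ("post", OTHER_METHOD)]:
        print(name, inspect_request(req))
```

The length rule fires on its own when the gadget address is absent, which covers the locales and OS versions where the notes say the address may differ.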