CVE-2007-2031
published 2007-04-16

Priority: P3 56 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.31% (96.4th percentile)

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3proxy | 3proxy | <= 0.5.3g | |

Detection & IOCs (extracted from sources)

port: 3128
port: 7979
command: GET /[NOPS][SHELLCODE][RETADDR] Host: [FILLER]
other: 0x7C81518B
other: 0x7C8369D8
other: 0x0805333c
other: 0x08054da8
bytes: \x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x4b\x76\x8d\x13
bytes: \x31\xc0\x50\x40\x89\xc3\x50\x40\x50\x89\xe1\xb0\x66\xcd\x80
bytes: \x31\xc0\x31\xdb\x31\xc9\x51\xb1\x06\x51\xb1\x01\x51\xb1\x02\x51\x89\xe1\xb3\x01\xb0\x66\xcd\x80

  • The win32 exploit uses a 'CALL ESP' gadget at 0x7C81518B in kernel32.dll (WinXP SP2) as the EIP overwrite value. Presence of this address in network traffic targeting port 3128 is a strong indicator of exploitation.
  • The win32 bind shellcode (Metasploit PexFnstenvSub encoded) opens a bind shell on port 7979. Monitor for unexpected listening services on port 7979 after 3proxy receives a malformed request.
  • Affected versions are 3proxy 0.5 through 0.5.3g and 0.6b-devel before 20070413. The default proxy port is 3128 but may be reconfigured.
  • The win32 exploit targets WinXP Home SP2 kernel32.dll CALL ESP gadgets; different Windows versions will have different gadget addresses and may require the -r option to specify an alternate return address.