CVE-2015-1171
published 2015-08-28

CVE-2015-1171: Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

Priority: P263, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 62.66% (99.1th percentile)

Affected

1 ranges
Vendor | Product | Version range | Fixed in
gsmsim_card_editor

Detection & IOCs (extracted from sources)

filename: exploit.sms
port: 4444
  • The exploit targets GSM SIM Editor (SIM Card Editor) versions 5.15 and 6.6 on Windows; monitor process creation of the SIM editor application when opening .sms files from untrusted sources.
  • Post-exploitation payload is a bind_tcp Meterpreter shell on port 4444; detect unexpected inbound connections on TCP/4444 from the SIM editor process.
  • A Metasploit fileformat module exists for this CVE (windows/fileformat/gsm_sim); scan for its use in penetration testing or red-team activity against Windows XP SP2 and Windows 8 64-bit targets.
  • The hardcoded return address (B3804200 → 0x004280B3) is specific to the exploit-db PoC build environment; actual exploitation may use a different RET address depending on the target DLL/EXE base address.
  • Two shellcode variants are embedded in the PoC: one opens MS Paint (benign demo) and one is a bind_tcp Meterpreter on port 4444; real-world attacks may substitute arbitrary shellcode at the same offset.
  • The NVD advisory references version 6.6 while the Metasploit module targets version 5.15; both versions are affected and detections should cover both.