CVE-2017-9544
published 2017-06-12CVE-2017-9544: There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
24.12%
97.6th percentile
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| echatserver | easy_chat_server | 2.0 – 3.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring HTTP requests to 'registresult.htm' containing an abnormally long username parameter, indicative of a stack-based SEH buffer overflow attempt against Easy Chat Server. ↗
- →The vulnerability is a remote stack-based buffer overflow using SEH (Structured Exception Handler) overwrite technique; look for SEH chain corruption patterns in process memory of Easy Chat Server. ↗
- →Monitor for Metasploit module 'exploits/windows/http/easychatserver_seh' execution or matching network traffic patterns targeting Easy Chat Server user registration endpoint. ↗
- ·Affected versions are Easy Chat Server 2.0 through 3.1 only; detections should be scoped to these versions to reduce false positives. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No writeups or analysis indexed.
2017-06-12
Published