CVE-2000-0002

ZBServer Pro 1.50 - Remote Code Execution via Long GET Request

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0002. PoCs published by Izan, Ussr Labs.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in ZBServer Pro 1.50-r1x by sending a maliciously crafted HTTP GET request with shellcode to achieve remote code execution. The shellcode is designed to patch error information and restore the overflowed thread.

Description

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Izan · cremotewindows

https://www.exploit-db.com/exploits/19689

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in ZBServer Pro 1.50-r1x by sending a maliciously crafted HTTP GET request with shellcode to achieve remote code execution. The shellcode is designed to patch error information and restore the overflowed thread.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZBServer Pro 1.50-r1x

No auth needed

Prerequisites: Network access to the target server · Target server running ZBServer Pro 1.50-r1x on WinNT

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Ussr Labs · textremotewindows

https://www.exploit-db.com/exploits/19688

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in ZBSoft ZBServer Pro 1.5 via malformed GET requests, allowing arbitrary code execution. The provided binary and source code demonstrate the exploit in action.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZBSoft ZBServer Pro 1.5

No auth needed

Prerequisites: Network access to the target server · ZBServer Pro 1.5 running on a vulnerable Windows system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66%40teleline.es

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=94598388530358&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/889

Various Sources mailing-list x_refsource_ntbugtraq

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556

Scores

EPSS 0.1388

EPSS Percentile 96.0%

Details

Status published

Products (1)

zbsoft/zbserver 1.5

Published Dec 22, 1999

Tracked Since Feb 18, 2026