CVE-2001-0111

splitvt - Remote Code Execution via Format String in -rcfile Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0111. PoCs published by Michel Kaempf.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in splitvt < 1.6.5 via the -rcfile command line flag. It crafts a malicious input to overwrite stack variables and execute arbitrary shellcode stored in the HOME environment variable, potentially leading to privilege escalation if splitvt is SUID root.

Description

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michel Kaempf · clocallinux

https://www.exploit-db.com/exploits/20556

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in splitvt < 1.6.5 via the -rcfile command line flag. It crafts a malicious input to overwrite stack variables and execute arbitrary shellcode stored in the HOME environment variable, potentially leading to privilege escalation if splitvt is SUID root.

Classification

Working Poc 95%

Attack Type

Rce | Lpe

Complexity

Complex

Reliability

Reliable

Target: splitvt < 1.6.5

No auth needed

Prerequisites: splitvt binary installed (preferably SUID root) · ability to set environment variables · ability to execute the binary with crafted arguments

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →