CVE-2001-0173

CrazyWWWBoard - Remote Code Execution via Long MIME Content-Type Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0173. PoCs published by Jin Ho You.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in CrazyWWWBoard.cgi via a malformed Content-Type header. It crafts a malicious multipart/form-data request with shellcode to achieve remote code execution on i386 Linux systems.

Description

Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jin Ho You · perlremotecgi
https://www.exploit-db.com/exploits/20606

This exploit targets a buffer overflow vulnerability in CrazyWWWBoard.cgi via a malformed Content-Type header. It crafts a malicious multipart/form-data request with shellcode to achieve remote code execution on i386 Linux systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CrazyWWWBoard.cgi (using qDecoder 4.0~5.0.8)
No auth needed
Prerequisites: Perl interpreter · Netcat (nc) · Target running vulnerable CrazyWWWBoard.cgi
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6033
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-01/0486.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2329

Scores

EPSS 0.0603
EPSS Percentile 92.4%

Details

Status published
Products (15)
nobreak_technologies/crazywwwboard 3.0.1
nobreak_technologies/crazywwwboard 98
nobreak_technologies/crazywwwboard 98pe
nobreak_technologies/crazywwwboard 2000.0lepx
nobreak_technologies/crazywwwboard 2000.0px
nobreak_technologies/crazywwwboard 2000lepx
nobreak_technologies/crazywwwboard 2000px
qdecoder/qdecoder 4.0
qdecoder/qdecoder 4.0.1
qdecoder/qdecoder 4.3
... and 5 more
Published May 03, 2001
Tracked Since Feb 18, 2026