CVE-2001-0262

Netscape SmartDownload 1.3 - Buffer Overflow via Long URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0262. PoCs published by Craig Davison.

AI-analyzed exploit summary The exploit describes a buffer overflow vulnerability in Netscape SmartDownload's 'sdph20.dll' URL parser function, which can be triggered by URLs longer than 271 characters, potentially leading to arbitrary code execution with user-level privileges.

Description

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Craig Davison · textremotewindows
https://www.exploit-db.com/exploits/20775

The exploit describes a buffer overflow vulnerability in Netscape SmartDownload's 'sdph20.dll' URL parser function, which can be triggered by URLs longer than 271 characters, potentially leading to arbitrary code execution with user-level privileges.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Netscape SmartDownload (sdph20.dll)
No auth needed
Prerequisites: Target system with Netscape SmartDownload installed · User interaction (visiting or being redirected to a malicious URL)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2001/a041301-1.txt

Scores

EPSS 0.0747
EPSS Percentile 93.7%

Details

Status published
Products (1)
netscape/smartdownload 1.3
Published Jul 02, 2001
Tracked Since Feb 18, 2026