CVE-2001-0499

Oracle8i < 8.1.7 - Remote Buffer Overflow via TNS Listener Commands


Exploitation Summary

EIP tracks 3 public exploits for CVE-2001-0499. PoCs were published by Metasploit, benjurry, and MC, including the Metasploit module exploits/windows/oracle/tns_arguments.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in Oracle 8i TNS Listener via a crafted ARGUMENTS string. It targets Windows 2000/2003 with Oracle 8.1.7.0.0, delivering a payload for remote code execution.

Description

Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16340

This Metasploit module exploits a stack buffer overflow in Oracle 8i TNS Listener via a crafted ARGUMENTS string. It targets Windows 2000/2003 with Oracle 8.1.7.0.0, delivering a payload for remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle 8i TNS Listener (8.1.7.0.0)
No auth needed
Prerequisites: Network access to TNS Listener (port 1521) · Target running vulnerable Oracle 8i version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by benjurry · c · remote · windows
https://www.exploit-db.com/exploits/20980

This exploit targets a buffer overflow in Oracle 8i TNS Listener (CVE-2001-0499) to achieve remote code execution. It crafts a malicious packet to overwrite the SEH and execute a bind shell on port 8080.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle 8i (8.1.5, 8.1.6, 8.1.7)
No auth needed
Prerequisites: Network access to Oracle TNS Listener (port 1521) · Vulnerable Oracle 8i version
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/oracle/tns_arguments.rb

This Metasploit module exploits a stack buffer overflow in Oracle 8i TNS Listener via a crafted packet with an overly long ARGUMENTS string, leading to arbitrary code execution. It includes payload handling, bad character avoidance, and target-specific offsets for Windows 2000/2003.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle 8i (8.1.7.0.0) TNS Listener
No auth needed
Prerequisites: Network access to TNS Listener (port 1521) · Vulnerable Oracle 8i version
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Various Sources · vendor-advisory · x_refsource_nai
http://www.nai.com/research/covert/advisories/050.asp
US Government Resource · third-party-advisory · x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/620495
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/2941
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6758
US Government Resource · third-party-advisory · x_refsource_cert
http://www.cert.org/advisories/CA-2001-16.html

Scores

EPSS 0.8520
EPSS Percentile 99.7%

Details

Status: published
Products (1): oracle/oracle8i < 8.1.7
Published: Jul 21, 2001
Tracked Since: Feb 18, 2026