CVE-2001-0700

w3m < 0.2.1 - Remote Code Execution via Long Base64 Encoded MIME Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0700. PoCs published by White_E.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the w3m text-based browser (CVE-2001-0700) by sending a maliciously crafted MIME header with a base64-encoded string exceeding 32 characters. It includes shellcode to bind a shell on port 10000 and download/execute a backdoor from a specified URL.

Description

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by White_E · perlremotefreebsd

https://www.exploit-db.com/exploits/20941

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the w3m text-based browser (CVE-2001-0700) by sending a maliciously crafted MIME header with a base64-encoded string exceeding 32 characters. It includes shellcode to bind a shell on port 10000 and download/execute a backdoor from a specified URL.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: w3m (versions prior to the fix for this vulnerability)

No auth needed

Prerequisites: Victim must connect to the malicious server using w3m · Network access to the victim's machine on port 10000

MITRE ATT&CK