CVE-2001-0703

Arcadia Internet Store 1.0 - Denial of Service via Template Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0703. PoCs published by NERF Security.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in Arcadia Internet Store 1.0 by sending malformed HTTP requests to 'tradecli.dll' with DOS device names (e.g., 'com1', 'con'). The vulnerability arises when the DLL attempts to open these reserved device names, causing a crash.

Description

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by NERF Security · cdoswindows
https://www.exploit-db.com/exploits/20949

This exploit targets a denial-of-service vulnerability in Arcadia Internet Store 1.0 by sending malformed HTTP requests to 'tradecli.dll' with DOS device names (e.g., 'com1', 'con'). The vulnerability arises when the DLL attempts to open these reserved device names, causing a crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Arcadia Internet Store 1.0 (tradecli.dll)
No auth needed
Prerequisites: Network access to the target server · Arcadia Internet Store 1.0 running on Windows NT/2000
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2905
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6739
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/192651

Scores

EPSS 0.0722
EPSS Percentile 93.5%

Details

Status published
Products (1)
arcadia/arcadia_internet_store 1.0
Published Sep 20, 2001
Tracked Since Feb 18, 2026