CVE-2002-1001

AnalogX Proxy - Buffer Overflow via Long HTTP Request or SOCKS 4A DNS Hostname

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1001. PoCs published by Kanatoko.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in AnalogX Proxy 4.10 via malformed SOCKS4A requests. It includes shellcode to execute 'notepad.exe' and leverages a JMP ESP address in user32.dll for Japanese Windows 2000 Pro SP2.

Description

Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kanatoko · perlremotewindows

https://www.exploit-db.com/exploits/21589

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in AnalogX Proxy 4.10 via malformed SOCKS4A requests. It includes shellcode to execute 'notepad.exe' and leverages a JMP ESP address in user32.dll for Japanese Windows 2000 Pro SP2.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AnalogX Proxy 4.10

No auth needed

Prerequisites: Network access to TCP port 1080 · Target running AnalogX Proxy 4.10 on Japanese Windows 2000 Pro SP2

MITRE ATT&CK