CVE-2002-1652

cgiemail 1.6 - Buffer Overflow via Long Query Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1652. PoCs published by isox.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in CGIEmail 1.6's cgicso component. It crafts a malicious GET request to overflow a buffer, potentially executing arbitrary commands (spawning an xterm) with mail server privileges.

Description

Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by isox · cremotelinux

https://www.exploit-db.com/exploits/21998

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in CGIEmail 1.6's cgicso component. It crafts a malicious GET request to overflow a buffer, potentially executing arbitrary commands (spawning an xterm) with mail server privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CGIEmail 1.6 (cgicso component)

No auth needed

Prerequisites: CGI_CSO_HARDCODE undefined during compilation · Server allows remote host queries · Target system uses Slackware Linux 7.1 or similar stack layout

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →