CVE-2002-2385

Hotfoon 4.0 - Buffer Overflow via Long Voice Phone Number URL


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2385. PoCs published by S G Masood.

AI-analyzed exploit summary: The writeup describes a buffer overflow vulnerability in Hotfoon dialer's text input field for telephone numbers. The vulnerability allows crashing the service and potentially executing arbitrary code by inputting 76 'a' characters.

Description

Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.

Exploits (1)

exploitdb WRITEUP VERIFIED
by S G Masood · text · dos · multiple
https://www.exploit-db.com/exploits/22010


Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Hotfoon dialer (Hotfoon4.exe)
No auth needed
Prerequisites: Hotfoon dialer installed and running
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6156
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10593.php
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html

Scores

EPSS 0.0428
EPSS Percentile 89.9%

Details

CWE: CWE-119
Status: published
Products (1): hotfoon_corporation/hotfoon 4.0
Published: Dec 31, 2002
Tracked Since: Feb 18, 2026