CVE-2003-1339

ezmeeting - Stack-based Buffer Overflow via Long GET Request or SwEzModule.dll Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-1339. PoCs published by kralor, Peter Winter-Smith.

AI-analyzed exploit summary This exploit targets a buffer overflow in eZ v3.3 to v3.5 by leveraging a static JMP ESP in Cryptso.dll. It delivers a reverse shell payload using a universal shellcode with PEB technique.

Description

Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kralor · perlremotewindows
https://www.exploit-db.com/exploits/136

This exploit targets a buffer overflow in eZ v3.3 to v3.5 by leveraging a static JMP ESP in Cryptso.dll. It delivers a reverse shell payload using a universal shellcode with PEB technique.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: eZ v3.3 to v3.5
No auth needed
Prerequisites: Network access to the target · Target running vulnerable eZ version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Peter Winter-Smith · perlremotewindows
https://www.exploit-db.com/exploits/133

This exploit targets a stack overflow in eZnet.exe to download and execute a trojan from a specified URL. It uses a custom shellcode that leverages LoadLibraryA and GetProcAddress to dynamically resolve API functions for URLDownloadToFileA and WinExec.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: eZnet.exe (eZmeeting, eZnetwork, eZphotoshare, eZshare, eZ)
No auth needed
Prerequisites: Network access to the target on port 80 · A URL hosting the trojan
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2003/Dec/0195.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/133
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1008412
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107090390002654&w=2
Various Sources x_refsource_misc
http://www.governmentsecurity.org/archive/t5390.html

Scores

EPSS 0.4861
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (3)
ezmeeting/ezmeeting 3.3
ezmeeting/ezmeeting 3.4
ezmeeting/ezmeeting 3.5
Published Dec 31, 2003
Tracked Since Feb 18, 2026