CVE-2003-1359

HP-UX 10.0-11.22 - Local Buffer Overflow via stmkfont Command Line Argument

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-1359. PoCs published by watercloud, Last Stage of Delirium.

AI-analyzed exploit summary: This exploit leverages a buffer overflow in the stmkfont utility on HP-UX systems via the alternate typeface library command-line option. It constructs a malicious payload with NOP sleds, shellcode, and return address overwrites to execute arbitrary code (bin/sh) with elevated privileges.

Description

Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

Exploits (2)

exploitdb WORKING POC VERIFIED
by watercloud · bash · local · hp-ux
https://www.exploit-db.com/exploits/22247

This exploit leverages a buffer overflow in the stmkfont utility on HP-UX systems via the alternate typeface library command-line option. It constructs a malicious payload with NOP sleds, shellcode, and return address overwrites to execute arbitrary code (bin/sh) with elevated privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: HP-UX stmkfont utility (Avaya PDS 9, 11, and 12 on HP-UX 11.00)
No auth needed
Prerequisites: Local access to the vulnerable HP-UX system · stmkfont utility installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · c · local · hp-ux
https://www.exploit-db.com/exploits/22246

This exploit targets a buffer overflow in the stmkfont utility on HP-UX systems via the alternate typeface library command-line option. It uses a combination of NOP sleds and shellcode to achieve arbitrary code execution with elevated privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: HP-UX stmkfont utility (HP-UX 10.20 700/800)
No auth needed
Prerequisites: Local access to the vulnerable HP-UX system · Presence of the vulnerable stmkfont utility
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/324381
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11313
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/4959
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3236
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6836

Scores

EPSS 0.0123
EPSS Percentile 65.1%

Details

CWE: CWE-119
Status: published
Products (20)
avaya/predictive_dialer_system 9.0
avaya/predictive_dialer_system 11
avaya/predictive_dialer_system 12
hp/hp-ux 10.00
hp/hp-ux 10.01
hp/hp-ux 10.08
hp/hp-ux 10.09
hp/hp-ux 10.10
hp/hp-ux 10.16
hp/hp-ux 10.20
... and 10 more
Published Dec 31, 2003
Tracked Since Feb 18, 2026