Exploitation Summary
EIP tracks 3 public exploits for CVE-2004-0362.
PoCs were published by Metasploit and Sam, including the Metasploit module exploits/windows/firewall/blackice_pam_icq.
AI-analyzed exploit summary
This exploit targets a stack buffer overflow in ISS products using iss-pam1.dll (CVE-2004-0362). It sends a maliciously crafted UDP packet to trigger arbitrary code execution as LocalSystem, with support for multiple targets and bruteforce capabilities.
Description
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Exploits (3)
This exploit targets a stack buffer overflow in ISS products using iss-pam1.dll (CVE-2004-0362). It sends a maliciously crafted UDP packet to trigger arbitrary code execution as LocalSystem, with support for multiple targets and bruteforce capabilities.
This exploit targets a buffer overflow vulnerability in ISS BlackICE/RealSecure's iss_pam1.dll via a malformed ICQ packet. It sends a UDP payload with shellcode to achieve remote code execution, establishing a reverse shell to the attacker's specified host and port.
This Metasploit module exploits a stack buffer overflow in ISS products using iss-pam1.dll (BlackICE/RealSecure) via a malformed UDP packet. It supports multiple targets and bruteforce techniques to achieve arbitrary code execution as LocalSystem.