CVE-2004-1214

Kreed <1.05 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1214.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in Kreed <= 1.05, including a format string vulnerability via client nickname, a DoS via oversized packets, and script dialog errors. The code includes functional network communication and packet crafting to trigger these issues.

Description

Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.

Exploits (1)

exploitdb WORKING POC

cdoswindows

https://www.exploit-db.com/exploits/672

View Code ZIP pw:eip

This exploit targets multiple vulnerabilities in Kreed <= 1.05, including a format string vulnerability via client nickname, a DoS via oversized packets, and script dialog errors. The code includes functional network communication and packet crafting to trigger these issues.

Classification

Working Poc 95%

Attack Type

Dos | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Kreed <= 1.05

No auth needed

Prerequisites: Network access to the target server · Target running Kreed <= 1.05

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110201776207915&w=2

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11799

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18343

Scores

EPSS 0.0699

EPSS Percentile 91.7%

Details

Status published

Products (1)

burut/kreed 1.5

Published Jan 10, 2005

Tracked Since Feb 18, 2026