CVE-2004-1289

pcal 4.7.1 - Buffer Overflow via Crafted Calendar File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1289. PoCs published by Danny Lungstrom.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in PCAL when processing calendar files with excessively long holiday data. This vulnerability can lead to remote code execution as the user running the application.

Description

Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Danny Lungstrom · textremotelinux

https://www.exploit-db.com/exploits/25036

View Code ZIP pw:eip

The provided text describes a buffer overflow vulnerability in PCAL when processing calendar files with excessively long holiday data. This vulnerability can lead to remote code execution as the user running the application.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: PCAL (version not specified)

No auth needed

Prerequisites: A maliciously crafted calendar file with excessively long holiday data

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Danny Lungstrom · textremotelinux

https://www.exploit-db.com/exploits/25035

View Code ZIP pw:eip

The provided text describes a buffer overflow vulnerability in PCAL (CVE-2004-1289) triggered by excessively long lines in calendar files, leading to remote code execution. However, the actual exploit code is not included; only a reference to a binary exploit is provided.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: PCAL (version not specified)

No auth needed

Prerequisites: A maliciously crafted calendar file with excessively long lines

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_misc

http://tigger.uic.edu/~jlongs2/holes/pcal.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18552

Scores

EPSS 0.1469

EPSS Percentile 96.2%

Details

Status published

Products (6)

pcal/pcal 4.1.0

pcal/pcal 4.3.0

pcal/pcal 4.5.0

pcal/pcal 4.6.0

pcal/pcal 4.7.0

pcal/pcal 4.7.1

Published Jan 10, 2005

Tracked Since Feb 18, 2026