CVE-2004-1317

Netcat for Windows 1.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1317. PoCs were published by Metasploit and class101, including the Metasploit module exploits/windows/misc/netcat110_nt.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in Netcat v1.10 NT, leveraging SEH overwrite to achieve remote code execution. It sends a crafted payload to overwrite SEH and execute arbitrary code via a bound executable.

Description

Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16436

This exploit targets a stack buffer overflow in Netcat v1.10 NT, leveraging SEH overwrite to achieve remote code execution. It sends a crafted payload to overwrite SEH and execute arbitrary code via a bound executable.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Netcat v1.10 NT
No auth needed
Prerequisites: Netcat v1.10 NT running with the -e option to bind an executable to a port
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by class101 · c · remote · windows
https://www.exploit-db.com/exploits/726

This exploit targets a buffer overflow vulnerability in Netcat v1.1's '-e' switch, allowing remote command execution via a crafted payload. The shellcode is designed to bypass bad characters and spawn a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Netcat v1.1
No auth needed
Prerequisites: Netcat v1.1 running with the '-e' switch · Network access to the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/netcat110_nt.rb

This Metasploit module exploits a stack buffer overflow in Netcat v1.10 NT by sending an overly long string to overwrite SEH, achieving remote code execution. It targets the vulnerability in doexec.c when netcat binds an executable to a port.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Netcat v1.10 NT
No auth needed
Prerequisites: Netcat v1.10 NT running with the -e option to bind an executable to a port
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Mailing List · mailing-list · x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110429204712327&w=2
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18681
Mailing List · mailing-list · x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110426936423890&w=2
Mailing List · mailing-list · x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110425875504586&w=2
Vendor Advisory · x_refsource_misc
http://www.hat-squad.com/en/000142.html

Scores

EPSS 0.6041
EPSS Percentile 99.0%

Details

Status published
Published Dec 27, 2004
Tracked Since Feb 18, 2026