CVE-2004-1373

SHOUTcast 1.9.4 - Remote Code Execution via Format String in Content URL


Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-1373. PoCs have been published by Metasploit, mandragore, and pucik, including the Metasploit module exploits/windows/http/shoutcast_format.

AI-analyzed exploit summary: This is a Metasploit module exploiting a format string vulnerability in SHOUTcast DNAS/win32 1.9.4. The exploit crafts a malicious URI with format string specifiers to trigger a buffer overflow, leading to remote code execution.

Description

Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows_x86
https://www.exploit-db.com/exploits/16751

This is a Metasploit module exploiting a format string vulnerability in SHOUTcast DNAS/win32 1.9.4. The exploit crafts a malicious URI with format string specifiers to trigger a buffer overflow, leading to remote code execution.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SHOUTcast DNAS/win32 v1.9.4
No auth needed
Prerequisites: Network access to the SHOUTcast server on port 8000 · Vulnerable version of SHOUTcast DNAS/win32
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by mandragore · c · remote · windows
https://www.exploit-db.com/exploits/830

This exploit targets a format string vulnerability in Nullsoft SHOUTcast 1.9.4, leveraging a two-step process to overwrite the stack and achieve remote code execution via a bindshell. It includes shellcode and targets specific Windows versions (XP SP1, 2k SP4).

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Nullsoft SHOUTcast 1.9.4
No auth needed
Prerequisites: Network access to the SHOUTcast server · Target must be running a vulnerable version of SHOUTcast
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by pucik · c · remote · linux
https://www.exploit-db.com/exploits/712

This exploit targets a format string vulnerability in SHOUTcast DNAS/Linux v1.9.4, using a two-stage attack to overwrite memory addresses and execute a bind shell on port 7000. The first request injects shellcode, while the second uses format string manipulation to control execution flow.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SHOUTcast DNAS/Linux v1.9.4
No auth needed
Prerequisites: Network access to the SHOUTcast server on port 8000 · Target running SHOUTcast DNAS/Linux v1.9.4
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/shoutcast_format.rb

This Metasploit module exploits a format string vulnerability in SHOUTcast DNAS/win32 1.9.4 by sending a maliciously crafted file request, leading to remote code execution. The exploit leverages a format string overflow to overwrite memory and execute arbitrary payloads.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SHOUTcast DNAS/win32 v1.9.4
No auth needed
Prerequisites: Network access to the SHOUTcast server · SHOUTcast server running on port 8000
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18669
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12096
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012675
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-04.xml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110382975516003&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110886444014745&w=2

Scores

EPSS: 0.7007
EPSS Percentile: 99.3%

Details

Status: published
Products (1): nullsoft/shoutcast_server 1.9.4 (3 CPE variants)
Published: Dec 23, 2004
Tracked Since: Feb 18, 2026