CVE-2004-1561

Icecast <= 2.0.1 - Remote Code Execution via HTTP Header Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 9 public exploits for CVE-2004-1561. PoCs published by Metasploit, K-C0d3r, Delikon, including Metasploit module exploits/windows/http/icecast_header.

AI-analyzed exploit summary This exploit targets a buffer overflow in Icecast's header parsing, allowing remote code execution on Windows systems by overwriting the saved instruction pointer via 32 HTTP headers. It uses a Metasploit module to deliver a payload and includes a note about thread pool exhaustion due to ExitThread usage.

Description

Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

Exploits (9)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows_x86
https://www.exploit-db.com/exploits/16763

This exploit targets a buffer overflow in Icecast's header parsing, allowing remote code execution on Windows systems by overwriting the saved instruction pointer via 32 HTTP headers. It uses a Metasploit module to deliver a payload and includes a note about thread pool exhaustion due to ExitThread usage.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast <= 2.0.1
No auth needed
Prerequisites: Network access to Icecast server on port 8000 · Windows target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-C0d3r · cremotewindows
https://www.exploit-db.com/exploits/573

This exploit targets a buffer overflow vulnerability in Icecast 2.0.1 on Windows systems. It sends a malformed HTTP GET request with a long string of 'a' characters followed by shellcode that adds an administrator account with username 'X' and password 'X'.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast 2.0.1 (Win32)
No auth needed
Prerequisites: Network access to the target Icecast server on port 8000
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Delikon · cremotewindows
https://www.exploit-db.com/exploits/568

This exploit targets a buffer overflow vulnerability in Icecast <= 2.0.1 on Win32 systems. It sends a malformed HTTP GET request with embedded shellcode to achieve remote code execution, spawning a reverse shell on port 9999.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast <= 2.0.1 Win32
No auth needed
Prerequisites: Network access to the target Icecast server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by ivanitlearning · poc
https://github.com/ivanitlearning/CVE-2004-1561

This repository contains a functional exploit for CVE-2004-1561, targeting Icecast <= 2.0.1 on Win32 systems. The exploit leverages a buffer overflow in the HTTP header processing to achieve remote code execution, demonstrated with a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast <= 2.0.1 (Win32)
No auth needed
Prerequisites: Network access to the target Icecast server · Target must be running Icecast <= 2.0.1 on Win32
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SUSPICIOUS 3 stars
by thel1nus · poc
https://github.com/thel1nus/CVE-2004-1561-Notes

The repository claims to provide exploitation notes for CVE-2004-1561 but only contains a README directing users to download a specialized file format (.ctd) requiring external software. No actual exploit code or technical details are provided.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Icecast (version not specified)
No auth needed
Prerequisites: External note-taking software (CherryTree)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by darrynb89 · poc
https://github.com/darrynb89/CVE-2004-1561

This repository contains a functional Python exploit for CVE-2004-1561, a buffer overflow vulnerability in Icecast <= 2.0.1. The exploit sends a crafted HTTP request with a malicious payload to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast <= 2.0.1
No auth needed
Prerequisites: Network access to the target Icecast server · Target running a vulnerable version of Icecast (<= 2.0.1) on Windows
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by ratiros01 · poc
https://github.com/ratiros01/CVE-2004-1561

This repository contains a functional Python exploit for CVE-2004-1561, a buffer overflow vulnerability in the Icecast server. The exploit sends a crafted HTTP request with shellcode to achieve remote code execution (RCE) on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast server (versions prior to 2.0.1)
No auth needed
Prerequisites: Network access to the target Icecast server · Vulnerable Icecast version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Danyw24 · poc
https://github.com/Danyw24/CVE-2004-1561-Icecast-Header-Overwrite-buffer-overflow-RCE-2.0.1-Win32-

This repository contains a functional exploit for CVE-2004-1561, a buffer overflow vulnerability in Icecast <= 2.0.1 on Win32 systems. The exploit sends a malformed HTTP GET request with embedded shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast <= 2.0.1 Win32
No auth needed
Prerequisites: Network access to the target Icecast server · Target running Icecast <= 2.0.1 on Win32
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC GREAT
by spoonm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/icecast_header.rb

This exploit targets a buffer overflow in Icecast versions 2.0.1 and earlier by sending 32 HTTP headers to overwrite the saved instruction pointer on Win32 systems. It uses a custom payload with specific bad character restrictions and stack adjustments to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Icecast 2.0.1 and earlier
No auth needed
Prerequisites: Network access to Icecast server on port 8000 · Win32 target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit, Vendor Advisory x_refsource_misc
http://aluigi.altervista.org/adv/iceexec-adv.txt
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11271
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12666/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1011439
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109640005127644&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10446
Exploit, Vendor Advisory x_refsource_misc
http://www.securiteam.com/exploits/6X00315BFM.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109674593230539&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17538

Scores

EPSS 0.7827
EPSS Percentile 99.5%

Details

Status published
Products (2)
icecast/icecast 2.0
icecast/icecast 2.0.1
Published Dec 31, 2004
Tracked Since Feb 18, 2026