CVE-2004-1681

QNX Photon microGUI for QNX RTP 6.1 - Local Privilege Escalation via Long Server Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-1681. PoCs published by Julio Cesar Fort.

AI-analyzed exploit summary The exploit demonstrates a buffer overflow vulnerability in QNX Photon MicroGUI's pkg-installer utility. By supplying an overly long string to the -s parameter, an attacker can trigger a buffer overflow, potentially leading to arbitrary code execution.

Description

Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Julio Cesar Fort · textdosunix
https://www.exploit-db.com/exploits/24596

The exploit demonstrates a buffer overflow vulnerability in QNX Photon MicroGUI's pkg-installer utility. By supplying an overly long string to the -s parameter, an attacker can trigger a buffer overflow, potentially leading to arbitrary code execution.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: QNX Photon MicroGUI (pkg-installer utility)
No auth needed
Prerequisites: Access to the target system · Ability to execute the pkg-installer command
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Julio Cesar Fort · textdosunix
https://www.exploit-db.com/exploits/24593

The provided text describes a buffer overflow vulnerability in QNX Photon MicroGUI utilities, specifically mentioning the `phrelay-cfg` command. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: QNX Photon MicroGUI (version not specified)
No auth needed
Prerequisites: Access to the target system · Ability to execute the vulnerable utility
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Julio Cesar Fort · textdosunix
https://www.exploit-db.com/exploits/24594

The exploit demonstrates a buffer overflow vulnerability in QNX Photon MicroGUI utilities, specifically targeting the 'phlocale' binary. The PoC shows a command-line injection with a long string of 'A's, which can lead to arbitrary code execution due to improper input validation.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: QNX Photon MicroGUI (phlocale utility)
No auth needed
Prerequisites: Access to the target system · Ability to execute the 'phlocale' binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Julio Cesar Fort · textdosunix
https://www.exploit-db.com/exploits/24595

The exploit demonstrates a buffer overflow vulnerability in QNX Photon MicroGUI utilities, specifically targeting the 'input-cfg' binary. The vulnerability arises from insufficient validation of user-supplied input lengths, allowing arbitrary code execution in the context of the vulnerable setuid applications.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: QNX Photon MicroGUI (input-cfg utility)
No auth needed
Prerequisites: Access to the target system · Presence of vulnerable QNX Photon MicroGUI utilities
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.rfdslabs.com.br/qnx-advs-03-2004.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109510393407597&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11164
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17339

Scores

EPSS 0.0106
EPSS Percentile 60.0%

Details

Status published
Products (2)
qnx/photon_microgui
qnx/rtp 6.1
Published Aug 26, 2004
Tracked Since Feb 18, 2026