CVE-2004-1793

YaSoft Switch Off <= 2.3 - Authenticated Stack-Based Buffer Overflow via SendMsg Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1793. PoCs published by MrNice.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in YaSoft Switch Off 2.3 by sending an excessively long 'message' parameter to the application, allowing remote code execution. It includes a reverse shell payload and supports both Windows 2000 and XP targets.

Description

Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MrNice · cremotewindows

https://www.exploit-db.com/exploits/23509

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in YaSoft Switch Off 2.3 by sending an excessively long 'message' parameter to the application, allowing remote code execution. It includes a reverse shell payload and supports both Windows 2000 and XP targets.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: YaSoft Switch Off 2.3

Auth required

Prerequisites: Network access to the target · Target software running on port 8000 · Authentication if password is set

MITRE ATT&CK