CVE-2004-2167

latex2rtf 1.9.15 - Buffer Overflow via expandmacro Function

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-2167. PoCs published by D. J. Bernstein, uzzzval.

Description

Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.

Exploits (2)

exploitdb WORKING POC VERIFIED
by D. J. Bernstein · c · remote · linux
https://www.exploit-db.com/exploits/24622

This exploit targets a buffer overflow vulnerability in LaTeX2rtf version 1.9.15 by crafting a malicious LaTeX file. It includes shellcode to create a file named 'EXPLOITED' and uses a stack-based overflow to execute arbitrary code.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LaTeX2rtf 1.9.15
No auth needed
Prerequisites: Victim must process the malicious LaTeX file with LaTeX2rtf
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by uzzzval · poc
https://github.com/uzzzval/cve-2004-2167

This repository contains a functional exploit for CVE-2004-2167, a buffer overflow vulnerability in LaTeX2RTF. The exploit generates a malicious .tex file that triggers the vulnerability when processed by LaTeX2RTF, leading to arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LaTeX2RTF version 1.9.15
No auth needed
Prerequisites: LaTeX2RTF installed on the target system · Ability to deliver a malicious .tex file to the target
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Exploit vdb-entry x_refsource_sectrack
http://www.securitytracker.com/alerts/2004/Sep/1011367.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17487
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11233
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/displayvuln.php?osvdb_id=10216
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17460

Scores

EPSS 0.1431
EPSS Percentile 96.1%

Details

Status published
Products (1)
latex2rtf/latex2rtf 1.9.15
Published Dec 31, 2004
Tracked Since Feb 18, 2026