CVE-2004-2271

MiniShare < 1.4.1 - Remote Code Execution via Long HTTP GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2004-2271. PoCs published by Metasploit, NoPh0BiA, class101, including Metasploit module exploits/windows/http/minishare_get_overflow.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Minishare 1.4.1 via a maliciously crafted HTTP GET request. It leverages a 'jmp esp' or 'push esp, ret' instruction to execute arbitrary shellcode, targeting multiple Windows versions.

Description

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16754

This is a Metasploit module exploiting a stack-based buffer overflow in Minishare 1.4.1 via a maliciously crafted HTTP GET request. It leverages a 'jmp esp' or 'push esp, ret' instruction to execute arbitrary shellcode, targeting multiple Windows versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Minishare 1.4.1
No auth needed
Prerequisites: Network access to the Minishare web server · Target system running a vulnerable version of Minishare
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by NoPh0BiA · cremotewindows
https://www.exploit-db.com/exploits/636

This exploit targets a buffer overflow vulnerability in MiniShare 1.4.1, sending a crafted HTTP GET request with shellcode to achieve remote code execution. It establishes a reverse shell on port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiniShare 1.4.1
No auth needed
Prerequisites: Network access to target · MiniShare 1.4.1 running on Windows 2000
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by class101 · cremotewindows
https://www.exploit-db.com/exploits/616

This exploit targets a buffer overflow vulnerability in MiniShare <= 1.4.1 by sending a crafted HTTP GET request with a malicious payload. It binds a shellcode to port 101, providing remote command execution on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiniShare <= 1.4.1
No auth needed
Prerequisites: Network access to the target · Vulnerable MiniShare version running
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by kkirsche · poc
https://github.com/kkirsche/CVE-2004-2271

This repository contains a functional exploit for CVE-2004-2271, a buffer overflow vulnerability in the HTTP request handling of a target software. The exploit includes multiple stages: initial crash, EIP control, bad character identification, and a final reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unknown (likely a web server or HTTP service from 2004)
No auth needed
Prerequisites: Network access to the target service · Target software running on a vulnerable version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by pwncone · poc
https://github.com/pwncone/CVE-2004-2271-MiniShare-1.4.1-BOF

This repository contains a functional exploit for CVE-2004-2271, a buffer overflow vulnerability in MiniShare 1.4.1. The exploit uses an egghunter technique to locate shellcode placed in the 'Host' header of an HTTP GET request, bypassing space constraints.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiniShare 1.4.1
No auth needed
Prerequisites: Target running MiniShare 1.4.1 on Windows XP SP3 32-bit · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by war4uthor · poc
https://github.com/war4uthor/CVE-2004-2271

This repository contains a functional exploit for CVE-2004-2271, targeting a buffer overflow vulnerability in MiniShare HTTP server. The exploit includes a fuzzer and a reverse shell payload generator, demonstrating remote code execution via a crafted HTTP GET request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiniShare HTTP Server
No auth needed
Prerequisites: Network access to the target MiniShare HTTP server · Target server running on port 80
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by PercussiveElbow · poc
https://github.com/PercussiveElbow/CVE-2004-2271-MiniShare-1.4.1-Buffer-Overflow

This repository contains a functional Python exploit for CVE-2004-2271, a buffer overflow vulnerability in MiniShare 1.4.1. The exploit generates a reverse shell payload using msfvenom and targets multiple Windows versions with predefined return addresses.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiniShare 1.4.1
No auth needed
Prerequisites: msfvenom installed · netcat listener set up · target IP/port and OS version known
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/minishare_get_overflow.rb

This is a Metasploit module exploiting a stack-based buffer overflow in Minishare 1.4.1 via a maliciously crafted HTTP request. It leverages a 'jmp esp' or similar instruction to redirect execution to the payload, achieving remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Minishare 1.4.1
No auth needed
Prerequisites: Network access to the Minishare server · Target system must be running a vulnerable version of Minishare
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/11530
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17978
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11620
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13114
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012106
Vendor Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0208.html

Scores

EPSS 0.7191
EPSS Percentile 99.3%

Details

Status published
Products (1)
minishare/minimal_http_server < 1.4.1
Published Dec 31, 2004
Tracked Since Feb 18, 2026