CVE-2004-2685

YoungZSoft CCProxy < 6.2 - Remote Code Execution via Long Ping Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-2685. PoCs published by Patrick Webster, KaGra.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in CCProxy's Telnet service by sending an overly long address to the 'ping' command, allowing remote code execution.

Description

Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Patrick Webster · rubyremotewindows
https://www.exploit-db.com/exploits/4360

This Metasploit module exploits a stack-based buffer overflow in CCProxy's Telnet service by sending an overly long address to the 'ping' command, allowing remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: YoungZSoft CCProxy <= v6.2
No auth needed
Prerequisites: Network access to the target's Telnet service (port 23)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by KaGra · pythonremotewindows
https://www.exploit-db.com/exploits/621

This exploit targets a stack-based buffer overflow in CCProxy 6.2 via the ping command in the telnet service. It uses a JMP ESI instruction to redirect execution to shellcode that binds a shell on port 101.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CCProxy 6.2
No auth needed
Prerequisites: Network access to the CCProxy telnet service (port 23) · CCProxy 6.2 running on Windows XP SP1 English
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/621
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4360
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13085
Various Sources x_refsource_misc
http://www.youngzsoft.net/ccproxy/whatsnew.htm

Scores

EPSS 0.0544
EPSS Percentile 91.7%

Details

CWE
CWE-119
Status published
Products (1)
youngzsoft/ccproxy < 6.2
Published Dec 31, 2004
Tracked Since Feb 18, 2026