CVE-2005-0595

BadBlue 2.55 - Remote Code Execution via Long mfcisapicommand Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0595. PoCs published by Metasploit, class101, including Metasploit module exploits/windows/http/badblue_ext_overflow.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in BadBlue 2.5 via the EXT.dll component. It uses SEH overwrites to achieve remote code execution.

Description

Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16761

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack buffer overflow in BadBlue 2.5 via the EXT.dll component. It uses SEH overwrites to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BadBlue 2.5

No auth needed

Prerequisites: Network access to the target · BadBlue 2.5 running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by class101 · cremotewindows

https://www.exploit-db.com/exploits/845

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in BadBlue Easy File Sharing Web Server v2.5 via ext.dll. It constructs a malicious payload with shellcode and return addresses to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BadBlue Easy File Sharing Web Server v2.5

No auth needed

Prerequisites: Network access to the target server · Target running vulnerable version of BadBlue

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/badblue_ext_overflow.rb

View Code ZIP pw:eip

This is a stack buffer overflow exploit for BadBlue 2.5 targeting the EXT.dll component via a malformed HTTP GET request. It leverages SEH overwrites to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BadBlue 2.5

No auth needed

Prerequisites: Network access to the target · BadBlue 2.5 running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0599.html

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12673

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14405

Scores

EPSS 0.6008

EPSS Percentile 99.0%

Details

Status published

Products (1)

working_resources_inc./badblue 2.55

Published May 02, 2005

Tracked Since Feb 18, 2026