CVE-2005-1086

AN HTTPD Server 1.42n - Remote Code Execution via Long User-Agent Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1086. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in AN HTTPD's 'cmdIS.DLL' by sending an HTTP GET request with an excessively long 'user-agent' header. The overflow occurs when 'GetEnvironmentStrings' copies environment variables into a finite buffer, potentially leading to arbitrary code execution.

Description

Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textdoswindows

https://www.exploit-db.com/exploits/25364

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in AN HTTPD's 'cmdIS.DLL' by sending an HTTP GET request with an excessively long 'user-agent' header. The overflow occurs when 'GetEnvironmentStrings' copies environment variables into a finite buffer, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AN HTTPD 1.42n

No auth needed

Prerequisites: Network access to the target server · AN HTTPD with vulnerable 'cmdIS.DLL'

MITRE ATT&CK