CVE-2005-3064

MultiTheftAuto <0.5 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3064. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit targets a UDP-based vulnerability in MultiTheftAuto server versions <= 0.5 patch 1, causing a crash or motd.txt reset by sending a malformed packet. It verifies server responsiveness before and after sending the exploit payload.

Description

MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · cdoswindows

https://www.exploit-db.com/exploits/1235

View Code ZIP pw:eip

This exploit targets a UDP-based vulnerability in MultiTheftAuto server versions <= 0.5 patch 1, causing a crash or motd.txt reset by sending a malformed packet. It verifies server responsiveness before and after sending the exploit payload.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MultiTheftAuto <= 0.5 patch 1

No auth needed

Prerequisites: network access to the target server · UDP port 4003 (or 24003) accessible

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory x_refsource_misc

http://aluigi.altervista.org/adv/mtaboom-adv.txt

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16926/

Exploit, Vendor Advisory mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html

Scores

EPSS 0.0231

EPSS Percentile 81.1%

Details

Status published

Products (1)

multitheftauto/multitheftauto < 0.5_patch_1

Published Sep 27, 2005

Tracked Since Feb 18, 2026