CVE-2005-3523
gpsdrive < 2.09 - Remote Code Execution via Format String in Friendsd2 Direction Field
Title source: manual
Exploitation Summary
EIP tracks 2 public exploits for CVE-2005-3523. PoCs published by Kevin Finisterre.
Description
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
Exploits (2)
This exploit targets a format string vulnerability in GPSdrive 2.09-2, leveraging a buffer overflow to execute shellcode that binds a shell to port 5074. It uses a crafted input to overwrite memory addresses and achieve remote code execution.
This exploit targets a buffer overflow vulnerability in gpsdrive_2.09-2_powerpc.deb by overwriting the return address in the stack frame to execute shellcode. The shellcode establishes a reverse shell connection to a specified IP and port.