CVE-2005-3992

WinEggDropShell 1.7 - Remote Code Execution via Long HTTP GET or FTP USER/PASS Commands

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3992. PoCs published by Sowhat.

AI-analyzed exploit summary This PoC exploits a pre-authentication remote stack overflow in WinEggDropShell via malformed HTTP GET or FTP USER commands. It sends a buffer of 512 'A' characters to trigger a denial-of-service (crash) condition.

Description

Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sowhat · pythondoswindows
https://www.exploit-db.com/exploits/1353

This PoC exploits a pre-authentication remote stack overflow in WinEggDropShell via malformed HTTP GET or FTP USER commands. It sends a buffer of 512 'A' characters to trigger a denial-of-service (crash) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: WinEggDropShell Eternity version (and possibly others)
No auth needed
Prerequisites: Network access to the target's HTTP (port 80) or FTP (port 21) service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Vendor Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0059.html
Vendor Advisory x_refsource_misc
http://secway.org/advisory/AD20051202.txt
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/226
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15682
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/418398

Scores

EPSS 0.0495
EPSS Percentile 91.0%

Details

Status published
Products (1)
wineggdropshell/wineggdropshell 1.7
Published Dec 04, 2005
Tracked Since Feb 18, 2026