CVE-2006-3252

PrivateWire Gateway <= 3.7 - Remote Code Execution via Long GET Request

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-3252. PoCs published by Metasploit, Michael Thumann, including Metasploit module exploits/windows/http/privatewire_gateway.

AI-analyzed exploit summary This exploit targets a buffer overflow in ADMCREG.EXE of PrivateWire Online Registration Facility (CVE-2006-3252). It leverages a JMP ESP instruction to redirect execution to the payload, with support for multiple Windows versions.

Description

Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16760

This exploit targets a buffer overflow in ADMCREG.EXE of PrivateWire Online Registration Facility (CVE-2006-3252). It leverages a JMP ESP instruction to redirect execution to the payload, with support for multiple Windows versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PrivateWire Online Registration Facility (ADMCREG.EXE)
No auth needed
Prerequisites: Network access to the target · PrivateWire installation path
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Michael Thumann · remotewindows_x86
https://www.exploit-db.com/exploits/2680

This exploit targets a buffer overflow in ADMCREG.EXE of PrivateWire Gateway, leveraging a crafted HTTP GET request to execute arbitrary shellcode via a JMP ESP technique in USER32.DLL.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PrivateWire Gateway (ADMCREG.EXE)
No auth needed
Prerequisites: Network access to the target service · Target running vulnerable PrivateWire Gateway
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/privatewire_gateway.rb

This Metasploit module exploits a buffer overflow in ADMCREG.EXE of PrivateWire Online Registration Facility via a crafted HTTP request. It targets multiple Windows versions with specific return addresses to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PrivateWire Online Registration Facility (ADMCREG.EXE)
No auth needed
Prerequisites: Network access to the target system · PrivateWire installation path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1152
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27430
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438329/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18647
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016382
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20812
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2549

Scores

EPSS 0.6163
EPSS Percentile 99.1%

Details

Status published
Products (1)
algorithmic_research/privatewire_gateway 3.7
Published Jun 27, 2006
Tracked Since Feb 18, 2026