CVE-2006-5571

CruiseWorks 1.09c-1.09d - Remote Code Execution via Long Doc Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5571. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Cruiseworks via the 'doc' parameter in '/scripts/cruise/cms.exe'. The provided URL-encoded shellcode attempts to execute arbitrary code, likely resulting in remote code execution (RCE).

Description

Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textremotewindows

https://www.exploit-db.com/exploits/28850

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Cruiseworks via the 'doc' parameter in '/scripts/cruise/cms.exe'. The provided URL-encoded shellcode attempts to execute arbitrary code, likely resulting in remote code execution (RCE).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cruiseworks 1.09c and 1.09d

No auth needed

Prerequisites: Network access to the target application · Vulnerable version of Cruiseworks

MITRE ATT&CK