CVE-2006-5882

Linksys WPC300N Wireless-N Notebook Adapter Driver - Stack-Based Buffer Overflow via Long SSID in 802.11 Response Frame

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5882. PoCs published by H D Moore.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in the Broadcom Wireless driver (CVE-2006-5882) by sending a maliciously crafted 802.11 probe response with an overly long SSID, leading to remote code execution in kernel mode on vulnerable Windows XP SP2 systems.

Description

Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by H D Moore · rubyremotewindows

https://www.exploit-db.com/exploits/2770

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in the Broadcom Wireless driver (CVE-2006-5882) by sending a maliciously crafted 802.11 probe response with an overly long SSID, leading to remote code execution in kernel mode on vulnerable Windows XP SP2 systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Broadcom Wireless Driver (bcmwl5.sys 3.50.21.10) on Windows XP SP2

No auth needed

Prerequisites: Lorcon2 library · Linux platform with supported wireless card · Target MAC address

MITRE ATT&CK