CVE-2007-2031

3proxy 0.5-0.5.3g - Remote Code Execution via Transparent Request Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-2031. PoCs published by Xpl017Elz, vade79.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in 3proxy HTTP Proxy 0.5.3g on Fedora Core 5/6. It leverages exec-shield bypass techniques to execute a reverse connect-back shell via crafted HTTP requests.

Description

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Xpl017Elz · cremotelinux
https://www.exploit-db.com/exploits/3829

This exploit targets a buffer overflow vulnerability in 3proxy HTTP Proxy 0.5.3g on Fedora Core 5/6. It leverages exec-shield bypass techniques to execute a reverse connect-back shell via crafted HTTP requests.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: 3proxy HTTP Proxy 0.5.3g
No auth needed
Prerequisites: Network access to the vulnerable 3proxy server · Attacker-controlled server to receive the reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by vade79 · cremotewindows_x86
https://www.exploit-db.com/exploits/3822

This exploit targets a buffer overflow vulnerability in 3proxy v0.5.3g on Windows. It crafts a malicious HTTP request with a long 'Host' header to overwrite EIP and execute shellcode, resulting in a bind shell on port 7979.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: 3proxy v0.5.3g (Windows)
No auth needed
Prerequisites: Network access to the vulnerable 3proxy service · Knowledge of the target's IP and port
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by vade79 · cremotelinux
https://www.exploit-db.com/exploits/3821

This exploit targets a remote buffer overflow in 3proxy v0.5.3g via a crafted HTTP GET request with a long Host header. It includes shellcode for both bind and connect-back shells, leveraging a stack-based overflow in the logurl() function.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: 3proxy v0.5.3g
No auth needed
Prerequisites: Network access to the vulnerable 3proxy server · Knowledge of the target's return address (or brute-forcing capability)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200704-17.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25001
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33841
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24961
Patch x_refsource_confirm
http://3proxy.ru/0.5.3h/Changelog.txt
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1442
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23545
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466650/100/100/threaded

Scores

EPSS 0.1531
EPSS Percentile 96.3%

Details

Status published
Products (1)
3proxy/3proxy < 0.5.3g
Published Apr 16, 2007
Tracked Since Feb 18, 2026