CVE-2007-3614
SAP DB - Remote Code Execution via Stack-Based Buffer Overflow in waHTTP.exe
Title source: llm
Exploitation Summary
EIP tracks 4 public exploits for CVE-2007-3614.
PoCs published by Metasploit, Heretic2, Mark Litchfield, including Metasploit module exploits/windows/http/sapdb_webtools.
AI-analyzed exploit summary: This exploit targets a stack buffer overflow in SAP DB 7.4 WebTools via an overly long GET request. It uses SEH overwrites to achieve remote code execution on Windows systems.
Description
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
Exploits (4)
This exploit targets a stack buffer overflow in SAP DB 7.4 WebTools via an overly long GET request. It uses SEH overwrites to achieve remote code execution on Windows systems.
This exploit targets CVE-2007-3614, a remote SEH overwrite vulnerability in SAP DB 7.4 WebTools. It sends a large buffer (~20000 bytes) to trigger an exception and execute shellcode, specifically a bind shell on port 4444.
This exploit targets a buffer overflow vulnerability in SAP DB Web Server 7.4, specifically overwriting SEH to achieve remote code execution with SYSTEM privileges. It includes a bindshell payload and supports multiple targets for different Windows 2000 configurations.
This Metasploit module exploits a stack buffer overflow in SAP DB 7.4 WebTools via an overly long GET request to execute arbitrary code. It uses SEH overwrites and alphanumeric encoding for payload delivery.