CVE-2007-3624

SAP Message Server - Remote Code Execution via Long Group Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3624. PoCs published by Mark Litchfield.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in SAP Message Server by sending a maliciously crafted HTTP GET request with an oversized 'group' parameter. The vulnerability allows remote code execution with SYSTEM privileges due to inadequate boundary checks.

Description

Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mark Litchfield · textremotemultiple

https://www.exploit-db.com/exploits/30265

View Code ZIP pw:eip

This exploit demonstrates a heap-based buffer overflow in SAP Message Server by sending a maliciously crafted HTTP GET request with an oversized 'group' parameter. The vulnerability allows remote code execution with SYSTEM privileges due to inadequate boundary checks.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SAP Message Server (versions affected by CVE-2007-3624)

No auth needed

Prerequisites: Network access to the SAP Message Server · SAP Message Server listening on port 8100

MITRE ATT&CK