CVE-2007-4006

Mike Dubman Windows RSH daemon (rshd) 1.7 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4006. PoCs were published by Metasploit and Joey Mengele, including the Metasploit module exploits/windows/misc/windows_rsh.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Windows RSH daemon 1.8. It sends a maliciously crafted payload to trigger the overflow and execute arbitrary code on the target system.

Description

Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16427

This exploit targets a buffer overflow vulnerability in Windows RSH daemon 1.8. It sends a maliciously crafted payload to trigger the overflow and execute arbitrary code on the target system.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Windows RSH daemon 1.8
No auth needed
Prerequisites: Network access to the target system · RSH daemon running on the target · CPORT configured between 512 and 1023
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Joey Mengele · c · remote · windows
https://www.exploit-db.com/exploits/4222

This exploit targets a stack overflow vulnerability in rshd.sourceforge.net's rshd service. It sends a crafted payload to trigger a buffer overflow and execute a bind shell on port 9999, allowing remote command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: rshd.sourceforge.net rshd service
No auth needed
Prerequisites: Network access to the target service on port 514
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/windows_rsh.rb

This Metasploit module exploits a buffer overflow in Windows RSH daemon 1.8 by sending a crafted payload to TCP port 514, leveraging an unchecked input length vulnerability. It includes target-specific return addresses for Windows 2003 SP1, XP Pro SP2, and 2000 Pro SP4.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Windows RSH Daemon 1.8
No auth needed
Prerequisites: Network access to TCP port 514 · CPORT configured between 512-1023 on the target
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.7306
EPSS Percentile 98.8%

Details

Status: published
Products (1): mike_dubman/windows_rsh_daemon 1.7
Published: Jul 26, 2007
Tracked Since: Feb 18, 2026