CVE-2007-6377

BadBlue <2.72b - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.

Exploits (5)

nomisec NO CODE 1 stars

by Nicoslo · poc

https://github.com/Nicoslo/Windows-exploitation-BadBlue-2.7-CVE-2007-6377

View Code ZIP pw:eip

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4715

View on exploitdb

exploitdb WORKING POC VERIFIED

by Jacopo Cervini · perlremotewindows

https://www.exploit-db.com/exploits/4784

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/badblue_passthru.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16806

View Code ZIP pw:eip

References (9)

[Third Party Advisory] http://aluigi.altervista.org/adv/badblue-adv.txt

[Exploit] http://aluigi.altervista.org/poc/badbluebof.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/42416

[Vendor Advisory] http://secunia.com/advisories/28031

[Exploit] http://www.securityfocus.com/bid/26803

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484834/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4784

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4160

[Third Party Advisory] http://securityreason.com/securityalert/3448

Scores

EPSS 0.8278

EPSS Percentile 99.2%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

badblue/badblue < 2.72b

Timeline

Published Dec 15, 2007

Tracked Since Feb 18, 2026