CVE-2008-0621

SAPLPD < 6.28 - Remote Code Execution via Long LPD Command Arguments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-0621. PoCs published by Metasploit, BackBone, including Metasploit module exploits/windows/lpd/saplpd.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in SAP SAPLPD 6.28 by sending an overly long argument to execute arbitrary code. It uses a Metasploit module to deliver a payload and achieve remote code execution.

Description

Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16338

This exploit targets a stack buffer overflow in SAP SAPLPD 6.28 by sending an overly long argument to execute arbitrary code. It uses a Metasploit module to deliver a payload and achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SAP SAPLPD 6.28 (SAP Release 6.40)
No auth needed
Prerequisites: Network access to the target system on port 515
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by BackBone · cremotewindows_x86
https://www.exploit-db.com/exploits/5079

This exploit targets a buffer overflow vulnerability in SAPLPD 6.28 for Windows/NT. It sends a crafted payload to trigger a bind shell on the target system, allowing remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SAPLPD Version 6.28 for Windows/NT
No auth needed
Prerequisites: Network access to the target system · SAPLPD service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/lpd/saplpd.rb

This Metasploit module exploits a stack buffer overflow in SAP SAPLPD 6.28 by sending an overly long argument to execute arbitrary code. It includes a payload encoder, stack adjustment, and a specific return address for the target version.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SAP SAPLPD 6.28 (SAP Release 6.40)
No auth needed
Prerequisites: Network access to the target on port 515
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28786
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487575/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0409
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019300
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3619
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487508/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0438
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28811
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27613
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5079

Scores

EPSS 0.7336
EPSS Percentile 99.4%

Details

CWE
CWE-119
Status published
Products (3)
sap/sapgui 7.10
sap/saplpd < 6.28
sap/sapsprint
Published Feb 06, 2008
Tracked Since Feb 18, 2026