CVE-2008-1914

BigAnt IM Server <2.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 7 public exploits for CVE-2008-1914. PoCs were published by Metasploit, ryujin, and MC, including the Metasploit module exploits/windows/misc/bigant_server_250.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack buffer overflow in BigAnt Server 2.50 SP1 via a maliciously crafted GET request. It leverages SEH overwrites to achieve remote code execution.

Description

Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16431

This is a Metasploit module exploiting a stack buffer overflow in BigAnt Server 2.50 SP1 via a maliciously crafted GET request. It leverages SEH overwrites to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50 SP1
No auth needed
Prerequisites: Network access to the target server on port 6660
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16430

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.2 by sending a crafted GET request with a long string to trigger an SEH overwrite, leading to arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.2
No auth needed
Prerequisites: Network access to the target server on port 6080
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by ryujin · python · remote · windows
https://www.exploit-db.com/exploits/5451

This exploit targets a remote SEH overflow vulnerability in BigAnt Server 2.2, allowing unauthenticated remote code execution via a crafted GET request. The payload includes shellcode and a reverse shell setup.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.2
No auth needed
Prerequisites: Network access to the target server · BigAnt Server 2.2 running on Windows 2000 SP4
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
python · remote · windows
https://www.exploit-db.com/exploits/9690

This exploit targets a SEH overwrite vulnerability in BigAnt Server 2.50 by sending a crafted HTTP GET request with a payload that triggers a buffer overflow, leading to arbitrary code execution. The exploit uses a known SEH address from MFC42.DLL and includes shellcode for execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50
No auth needed
Prerequisites: Network access to the target server · BigAnt Server 2.50 running on the target
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
python · remote · windows
https://www.exploit-db.com/exploits/9673

This exploit targets a SEH overwrite vulnerability in BigAnt Server 2.50, delivering a bind shell payload via a crafted GET request. It leverages a known p/p/r address in vbajet32.dll to achieve remote code execution on Windows XP SP3.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50
No auth needed
Prerequisites: Network access to the target server · BigAnt Server 2.50 running on Windows XP SP3
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server_250.rb

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.50 SP1 via a crafted GET request to port 6660, leveraging SEH overwrite for remote code execution. It includes multiple targets for different Windows versions and uses alphanumeric encoding to avoid bad characters.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50 SP1
No auth needed
Prerequisites: Network access to BigAnt Server on port 6660 · Vulnerable version of BigAnt Server (2.50 SP1)
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC NORMAL
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server.rb

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.2 by sending a crafted HTTP GET request with a long string to trigger arbitrary code execution. It uses SEH overwrites and alphanumeric encoding to bypass bad characters.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.2
No auth needed
Prerequisites: Network access to BigAnt Server on port 6080
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5451
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1238/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28795
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491035/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29831
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41830
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490916/100/0/threaded

Scores

EPSS: 0.7372
EPSS Percentile: 99.4%

Details

CWE: CWE-119
Status: published
Products (1): bigantsoft/bigant_messenger 2.2
Published: Apr 22, 2008
Tracked Since: Feb 18, 2026