CVE-2008-2158

EMC AlphaStor 3.1 SP1 - Remote Code Execution via Crafted TCP Packets

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2158. PoCs published by Metasploit, including Metasploit module exploits/windows/emc/alphastor_agent.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in EMC AlphaStor 3.1 via a crafted message sent to port 41025. It leverages a known return address in dblib9.dll to achieve remote code execution.

Description

Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16391

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in EMC AlphaStor 3.1 via a crafted message sent to port 41025. It leverages a known return address in dblib9.dll to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EMC AlphaStor 3.1

No auth needed

Prerequisites: Network access to port 41025 on the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/emc/alphastor_agent.rb