CVE-2008-5904

xrdp < 0.4.1 - Buffer Overflow via Crafted RDP Color Pointer PDU

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5904. PoCs published by joe walko.

AI-analyzed exploit summary: This is a proof-of-concept exploit for CVE-2008-5904, targeting XRDP <= 0.4.1. It demonstrates a remote pre-authentication vulnerability that can crash the XRDP daemon by overwriting EIP, though achieving reliable code execution is hindered by limitations in return address control and modern compiler protections.

Description

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by joe walko · cdoslinux
https://www.exploit-db.com/exploits/8469

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Theoretical
Target: XRDP <= 0.4.1
No auth needed
Prerequisites: Network access to the target's RDP port (3389) · XRDP version <= 0.4.1
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2009/01/12/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48094

Scores

EPSS 0.0735
EPSS Percentile 93.6%

Details

CWE: CWE-20
Status: published
Products (5)
xrdp/xrdp 0.3
xrdp/xrdp 0.3.1
xrdp/xrdp 0.3.2
xrdp/xrdp 0.4
xrdp/xrdp < 0.4.1
Published Jan 15, 2009
Tracked Since Feb 18, 2026