CVE-2009-10006

CRITICAL

UFO: Alien Invasion <= 2.2.1 - Stack-based Buffer Overflow in IRC Client via Crafted 001 Message

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-10006. PoCs were published by Metasploit, Jason Geffner, and dookie, including the Metasploit module exploits/windows/misc/ufo_ai.

AI-analyzed exploit summary: This is a functional Metasploit module exploiting a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1. It crafts a malicious IRC server response to trigger a stack-based overflow, leading to arbitrary code execution on Mac OS X 10.5.8 x86 systems.

Description

UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · osx
https://www.exploit-db.com/exploits/16864

This is a functional Metasploit module exploiting a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1. It crafts a malicious IRC server response to trigger a stack-based overflow, leading to arbitrary code execution on Mac OS X 10.5.8 x86 systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UFO: Alien Invasion 2.2.1
No auth needed
Prerequisites: Network access to the target's IRC client port (6667 by default) · Target running UFO: Alien Invasion 2.2.1 on Mac OS X 10.5.8 x86
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by Jason Geffner · text · remote · windows
https://www.exploit-db.com/exploits/14013

This exploit demonstrates a buffer overflow vulnerability in the IRC client component of UFO: Alien Invasion 2.2.1, allowing remote arbitrary code execution via a malformed server response. The PoC packet overwrites the return address to execute shellcode launching 'mspaint.exe'.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UFO: Alien Invasion 2.2.1
No auth needed
Prerequisites: Network access to the target's IRC client · Ability to send a malformed IRC server response
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by Jason Geffner, dookie · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ufo_ai.rb

This Metasploit module exploits a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1 by sending a crafted IRC response to trigger a stack-based overflow, leading to remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UFO: Alien Invasion 2.2.1
No auth needed
Prerequisites: Network access to the target's IRC client port (6667 by default) · Target running UFO: Alien Invasion 2.2.1 with vulnerable IRC client
devstral-2 · analyzed Feb 19, 2026

metasploit · WORKING POC · NORMAL
by Jason Geffner, dookie · ruby · poc · osx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/misc/ufo_ai.rb

This Metasploit module exploits a buffer overflow in the IRC client of UFO: Alien Invasion 2.2.1 on Mac OS X 10.5.8 x86. It leverages a heap-based execution payload stub to achieve remote code execution via a crafted IRC server response.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: UFO: Alien Invasion 2.2.1 IRC Client on Mac OS X 10.5.8 x86
No auth needed
Prerequisites: Network access to the target's IRC client port (6667 by default) · Target running UFO: Alien Invasion 2.2.1 on Mac OS X 10.5.8 x86
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 9.3
EPSS: 0.0081
EPSS Percentile: 52.0%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-121
Status: published
Products (1): UFO: Alien Invasion Project/UFO: Alien Invasion < 2.2.1
Published: Aug 22, 2025
Tracked Since: Feb 18, 2026