CVE-2009-1394

Motorola Timbuktu Pro - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16370

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by bannedit · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=809

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022455

[Vendor Advisory] http://www.netopia.com/software/products/tb2/

[Third Party Advisory] http://secunia.com/advisories/35533

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35496

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/504554/100/0/threaded

Scores

EPSS 0.4901

EPSS Percentile 97.8%

Details

CWE

CWE-119

Status published

Products (1)

motorola/timbuktu_pro 8.6.5

Published Jun 26, 2009

Tracked Since Feb 18, 2026