CVE-2009-20005

InterSystems Caché 2009.1 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16807

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/intersystems_cache.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/intersystems_cache.rb

[Various Sources] https://www.intersystems.com/products/cache/

[Various Sources] https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:INTERSYSTEMS-CACHE-OF.html

[Third Party Advisory] https://www.vulncheck.com/advisories/intersystems-cache-stack-buffer-overflow

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/16807

Scores

EPSS 0.6935

EPSS Percentile 98.6%

Classification

CWE

CWE-121

Status draft

Timeline

Published Sep 16, 2025

Tracked Since Feb 18, 2026