CVE-2009-2227

B Labs Bopup Comm Server <3.2.26.5460 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-2227. PoCs published by Metasploit, His0k4, mu-b, including Metasploit module exploits/windows/misc/bopup_comm.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Bopup Communications Server 3.2.26.5460 by sending a crafted packet to execute arbitrary code. It includes a payload with specific bad character restrictions and a return address for reliable exploitation.

Description

Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16445

This Metasploit module exploits a stack buffer overflow in Bopup Communications Server 3.2.26.5460 by sending a crafted packet to execute arbitrary code. It includes a payload with specific bad character restrictions and a return address for reliable exploitation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Bopup Communications Server 3.2.26.5460
No auth needed
Prerequisites: Network access to the target server on port 19810
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by His0k4 · pythonremotewindows
https://www.exploit-db.com/exploits/9031

This exploit targets a buffer overflow vulnerability in Bopup Communications Server 3.2.26.5460 via SEH overwrite. It sends a crafted payload with shellcode to execute arbitrary code on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Bopup Communications Server 3.2.26.5460
No auth needed
Prerequisites: Network access to the target server on port 19810
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mu-b · cremotewindows
https://www.exploit-db.com/exploits/9002

This exploit targets a buffer overflow vulnerability in Bopup Communications Server 3.2.26.5460. It crafts a malicious packet with a NOP sled and shellcode to achieve remote code execution, binding a shell to port 10000.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Bopup Communications Server 3.2.26.5460
No auth needed
Prerequisites: Network access to the target server on port 19810
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bopup_comm.rb

This Metasploit module exploits a stack buffer overflow in Bopup Communications Server 3.2.26.5460 by sending a crafted packet to TCP port 19810, allowing arbitrary code execution. The exploit includes a payload with specific bad character restrictions and a stack adjustment for reliable execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Bopup Communications Server 3.2.26.5460
No auth needed
Prerequisites: Network access to the target server on port 19810
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9002
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1645
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35516
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51305
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55275

Scores

EPSS 0.6858
EPSS Percentile 99.2%

Details

CWE
CWE-119
Status published
Products (1)
blabsoft/bopup_communication_server 3.2.26.5460
Published Jun 26, 2009
Tracked Since Feb 18, 2026