CVE-2009-3708

Alleycode HTML Editor 2.21 - Stack-Based Buffer Overflow via Long META Tag Value

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3708.

Description

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (2)

exploitdb WORKING POC
python · local · windows
https://www.exploit-db.com/exploits/9866

This is a functional exploit for a local buffer overflow vulnerability in Alleycode HTML Editor 2.21. It leverages an SEH overwrite with a crafted HTML file to achieve arbitrary code execution (spawning calc.exe) when the victim opens the file and clicks 'Tools -> Optimizer'.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Alleycode HTML Editor 2.21
No auth needed
Prerequisites: Victim must open the malicious HTML file and interact with the 'Tools -> Optimizer' feature
devstral-2 · analyzed Feb 19, 2026
exploitdb WORKING POC
local · windows
https://www.exploit-db.com/exploits/9991

The exploit demonstrates a buffer overflow vulnerability in AlleyCode HTML Editor version 2.21. By creating an HTML file with an excessively long title tag and triggering the 'Optimizer' tool, the EIP register is overwritten with '41414141' (AAAA), indicating successful control of execution flow.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: AlleyCode HTML Editor 2.21
No auth needed
Prerequisites: AlleyCode HTML Editor 2.21 installed · Ability to open a crafted HTML file in the editor
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/58649
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36940

Scores

EPSS 0.0449
EPSS Percentile 90.2%

Details

CWE CWE-119
Status published
Products (1)
konae/alleycode_html_editor 2.21
Published Oct 16, 2009
Tracked Since Feb 18, 2026