CVE-2009-3709

Konae Alleycode HTML Editor 2.21 - Stack-Based Buffer Overflow via TITLE Tag

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3709. PoCs published by Dr_IDE, Rafael Sousa.

AI-analyzed exploit summary This exploit targets a local buffer overflow vulnerability in Alleycode HTML Editor 2.21 via a maliciously crafted HTML file. It leverages SEH overwrite with a P/P/R address from Kernel32.dll on Windows XP SP0 to execute a calc.exe payload.

Description

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Dr_IDE · pythonlocalwindows

https://www.exploit-db.com/exploits/9866

View Code ZIP pw:eip

This exploit targets a local buffer overflow vulnerability in Alleycode HTML Editor 2.21 via a maliciously crafted HTML file. It leverages SEH overwrite with a P/P/R address from Kernel32.dll on Windows XP SP0 to execute a calc.exe payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Alleycode HTML Editor 2.21

No auth needed

Prerequisites: Victim must open the malicious HTML file in Alleycode HTML Editor 2.21 · Victim must click 'Tools -> Optimizer'

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Rafael Sousa · textlocalwindows

https://www.exploit-db.com/exploits/9991

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in AlleyCode HTML Editor version 2.21. The PoC involves creating an HTML file with an excessively long title tag, which triggers a crash when the 'Optimizer' tool is used, overwriting the EIP register with '41414141' (AAAA).

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: AlleyCode HTML Editor 2.21

No auth needed

Prerequisites: AlleyCode HTML Editor 2.21 installed · Ability to create and open an HTML file in the editor

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/58649

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36940

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/506987/100/0/threaded

Scores

EPSS 0.0590

EPSS Percentile 92.3%

Details

CWE

CWE-119

Status published

Products (1)

konae/alleycode_html_editor 2.21

Published Oct 16, 2009

Tracked Since Feb 18, 2026