CVE-2009-3861

SafeNet SoftRemote <10.8.9 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3861. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/fileformat/safenet_softremote_groupname.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack buffer overflow in SafeNet SoftRemote Security Policy Editor <= 10.8.5 via an overly long GROUPNAME argument in a crafted security policy file. It achieves arbitrary code execution by overwriting the return address and injecting shellcode.

Description

Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16643

This is a Metasploit module exploiting a stack buffer overflow in SafeNet SoftRemote Security Policy Editor <= 10.8.5 via an overly long GROUPNAME argument in a crafted security policy file. It achieves arbitrary code execution by overwriting the return address and injecting shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SafeNet SoftRemote Security Policy Editor <= 10.8.5
No auth needed
Prerequisites: Victim must open the malicious .spd file
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb

This Metasploit module exploits a stack buffer overflow in SafeNet SoftRemote Security Policy Editor <= 10.8.5 via an overly long GROUPNAME argument in a security policy file. It achieves arbitrary code execution by overwriting the return address and injecting a payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SafeNet SoftRemote Security Policy Editor <= 10.8.5
No auth needed
Prerequisites: Victim must open the malicious .spd file
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023117
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3108
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507593/100/0/threaded
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-09-008

Scores

EPSS 0.0373
EPSS Percentile 88.4%

Details

CWE: CWE-119
Status: published
Products (16)
safenet-inc/softremote 1.7.1
safenet-inc/softremote 1.7.2
safenet-inc/softremote 1.7.7
safenet-inc/softremote 1.8.1
safenet-inc/softremote 1.9.0
safenet-inc/softremote 10.3.5
safenet-inc/softremote 10.7.7
safenet-inc/softremote 10.8.0
safenet-inc/softremote 10.8.1
safenet-inc/softremote 10.8.2
... and 6 more
Published Nov 04, 2009
Tracked Since Feb 18, 2026