CVE-2009-3999

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-3999. PoCs published by Metasploit, AC8999, afifudinmtop, including Metasploit module exploits/windows/http/hp_power_manager_filename.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in HP Power Manager's 'formExportDataLogs' via a malformed 'fileName' parameter, leading to arbitrary remote code execution under the context of 'SYSTEM'. It uses an egghunter technique to locate and execute the payload.

Description

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotecgi

https://www.exploit-db.com/exploits/18015

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in HP Power Manager's 'formExportDataLogs' via a malformed 'fileName' parameter, leading to arbitrary remote code execution under the context of 'SYSTEM'. It uses an egghunter technique to locate and execute the payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Power Manager 4.2 (Build 7 and 9)

No auth needed

Prerequisites: Network access to the target's HP Power Manager service on port 80

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by AC8999 · poc

https://github.com/AC8999/CVE-2009-3999-HP-Power-Manager-4.2-Build-7-Buffer-Overflow

View Code ZIP pw:eip

This repository contains a functional Python 3 exploit for CVE-2009-3999, targeting a buffer overflow in HP Power Manager 4.2 Build 7. The exploit uses an egghunter and dynamically generated shellcode via msfvenom to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Power Manager 4.2 Build 7

No auth needed

Prerequisites: Target IP and port · Attacker-controlled listener IP and port · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 19, 2026 Full analysis →

nomisec WORKING POC

by afifudinmtop · poc

https://github.com/afifudinmtop/CVE-2009-3999

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2009-3999, targeting a buffer overflow in HP Power Manager 4.2 (Build 7). The exploit uses a reverse shell payload generated via msfvenom and leverages an egghunter to locate the shellcode in memory.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Power Manager 4.2 (Build 7)

No auth needed

Prerequisites: Network access to the target HP Power Manager instance · Python 3 environment · msfvenom for payload generation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Alin Rad Pop · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_power_manager_filename.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in HP Power Manager's 'formExportDataLogs' via a malformed 'fileName' parameter, leading to arbitrary remote code execution under the context of 'SYSTEM'. It uses an egghunter technique to locate and execute the payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Power Manager 4.2 (Build 7 and 9)

No auth needed

Prerequisites: Network access to the target system · HP Power Manager service running

MITRE ATT&CK