CVE-2009-4660

BigAnt IM Server 2.50 - Buffer Overflow


Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-4660: PoCs published by hack4love, blake and war4uthor, and the Metasploit module exploits/windows/misc/bigant_server_usv.

AI-analyzed exploit summary: This exploit targets a SEH overwrite vulnerability in BigAnt Server 2.50. It sends a crafted GET request with a payload that includes shellcode, triggering remote code execution on Windows XP SP2.

Description

Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.

Exploits (4)

exploitdb WORKING POC VERIFIED
by hack4love · python · remote · windows
https://www.exploit-db.com/exploits/9690

This exploit targets a SEH overwrite vulnerability in BigAnt Server 2.50. It sends a crafted GET request with a payload that includes shellcode, triggering remote code execution on Windows XP SP2.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50
No auth needed
Prerequisites: Network access to the target server · BigAnt Server 2.50 running on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by blake · python · remote · windows
https://www.exploit-db.com/exploits/9673

This exploit targets a SEH overwrite vulnerability in BigAnt Server 2.50, delivering a bind shell payload via a crafted GET request. It leverages a known return address in vbajet32.dll to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.50
No auth needed
Prerequisites: Network access to the target server · BigAnt Server 2.50 running on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by war4uthor · poc
https://github.com/war4uthor/CVE-2009-4660

This repository contains two functional Python scripts exploiting a buffer overflow vulnerability in BigAnt Server via a crafted 'USV' command. The exploits use SEH overwrite techniques and a reverse shell payload to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server
No auth needed
Prerequisites: Network access to the target server · BigAnt Server running on port 6660
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC GREAT
by Lincoln, DouBle_Zer0, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server_usv.rb

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.52 via a crafted USV command. The payload is XOR-encoded with 0x2a and leverages SEH overwrites for reliable remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.52
No auth needed
Prerequisites: Network access to TCP port 6660 · BigAnt Server 2.52 running
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9673
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2009-September/002271.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9690
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36704
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2679
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36407

Scores

EPSS 0.6186
EPSS Percentile 99.1%

Details

CWE: CWE-119
Status: published
Products (1): bigantsoft/bigant_messenger 2.50
Published: Mar 03, 2010
Tracked Since: Feb 18, 2026