CVE-2009-4988

SAP Business One 2005 A - Stack-Based Buffer Overflow via GIOP Request

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-4988. PoCs have been published by Metasploit and Bruk0ut, including the Metasploit module exploits/windows/misc/sap_2005_license.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in SAP Business One License Manager 2005 by sending an excessively long string to overwrite the stack, enabling arbitrary code execution. It targets the 'NT Naming Service' on port 30000.

Description

Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16423

This Metasploit module exploits a stack buffer overflow in SAP Business One License Manager 2005 by sending an excessively long string to overwrite the stack, enabling arbitrary code execution. It targets the 'NT Naming Service' on port 30000.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SAP Business One License Manager 2005
Authentication: none needed
Prerequisites: Network access to the target system on port 30000
Analyzed by devstral-2 on Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by Bruk0ut · python · remote · windows
https://www.exploit-db.com/exploits/9319

This exploit targets a stack-based buffer overflow in SAP Business One 2005-A License Manager (NT_Naming_Service.exe) via TCP port 30000. It sends a crafted GIOP header followed by a large buffer containing a NOP sled, a return address (JMP ESP from User32.dll), and shellcode to execute arbitrary commands (e.g., launching notepad.exe).

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SAP Business One 2005-A License Manager (6.80.123 SP:00 PL:06, 6.80.320 SP:01 PL:34)
Authentication: none needed
Prerequisites: Network access to TCP port 30000 on the target · Target running vulnerable SAP Business One 2005-A License Manager
Analyzed by devstral-2 on Feb 16, 2026
metasploit · WORKING POC · GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/sap_2005_license.rb

This Metasploit module exploits a stack buffer overflow in SAP Business One License Manager 2005 by sending an excessively long string to overwrite the stack, enabling arbitrary code execution. The exploit targets the 'NT Naming Service' on port 30000 and includes a payload with specific bad character restrictions and stack adjustments.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SAP Business One License Manager 2005
Authentication: none needed
Prerequisites: Network access to the target system on port 30000 · SAP Business One License Manager 2005 running on the target
Analyzed by devstral-2 on Feb 19, 2026

References (7)

Core References (7)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/52256
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1022655
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2009/2170
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/36103
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/9319
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/505489/100/0/threaded
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/35933

Scores

EPSS: 0.6552
EPSS percentile: 99.2%

Details

CWE: CWE-119
Status: published
Products (2):
sap/business_one_2005-a 6.80.123
sap/business_one_2005-a 6.80.320
Published: Aug 25, 2010
Tracked since: Feb 18, 2026