CVE-2010-0359

Zeus Web Server - Buffer Overflow via SSLv2 Client Hello Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0359. PoCs published by Intevydis.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Zeus Web Server by sending a maliciously crafted SSLv2 Client Hello message. The overflow occurs due to inadequate boundary checks, potentially allowing arbitrary code execution or causing a denial-of-service condition.

Description

Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Intevydis · pythondosmultiple

https://www.exploit-db.com/exploits/33531

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Zeus Web Server by sending a maliciously crafted SSLv2 Client Hello message. The overflow occurs due to inadequate boundary checks, potentially allowing arbitrary code execution or causing a denial-of-service condition.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zeus Web Server versions prior to 4.3r5

No auth needed

Prerequisites: Network access to the target server · Zeus Web Server with SSLv2 enabled

MITRE ATT&CK