CVE-2010-1185

SAP MaxDB <7.6.07 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1185. PoCs published by S2 Crew.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in SAP MaxDB 7.7.06.09 via a malformed handshake request, leading to remote code execution. It uses a combination of shellcode, an egghunter, and a crafted packet to trigger the vulnerability.

Description

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S2 Crew · pythonremotewindows

https://www.exploit-db.com/exploits/11886

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in SAP MaxDB 7.7.06.09 via a malformed handshake request, leading to remote code execution. It uses a combination of shellcode, an egghunter, and a crafted packet to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SAP MaxDB 7.7.06.09

No auth needed

Prerequisites: Network access to the target SAP MaxDB instance on port 7210

MITRE ATT&CK