CVE-2012-10053

CRITICAL

Simple Web Server 2.2 rc2 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-10053. PoCs published by Metasploit, mr.pr0n, mr.pr0n, juan vazquez, including Metasploit module exploits/windows/http/sws_connection_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Simple Web Server 2.2 rc2 via a maliciously crafted Connection header. It achieves remote code execution by overwriting the EIP and leveraging a 'call edi' instruction from libstdc++-6.dll.

Description

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20028

This Metasploit module exploits a stack-based buffer overflow in Simple Web Server 2.2 rc2 via a maliciously crafted Connection header. It achieves remote code execution by overwriting the EIP and leveraging a 'call edi' instruction from libstdc++-6.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Simple Web Server 2.2 rc2
No auth needed
Prerequisites: Network access to the target server · Target running Simple Web Server 2.2 rc2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mr.pr0n · perlremotewindows
https://www.exploit-db.com/exploits/19937

This exploit targets a remote buffer overflow in SimpleWebServer 2.2-rc2 by sending a crafted HTTP request with an egghunter and shellcode to achieve remote code execution. It binds a shell on TCP port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SimpleWebServer 2.2-rc2
No auth needed
Prerequisites: Network access to the target · SimpleWebServer 2.2-rc2 running on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by mr.pr0n, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sws_connection_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Simple Web Server 2.2 rc2 via a maliciously crafted Connection header. It leverages a vsprintf() vulnerability to achieve arbitrary code execution on Windows XP SP3 and Windows 7 SP1.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Simple Web Server 2.2 rc2
No auth needed
Prerequisites: Network access to the target server · Target running Simple Web Server 2.2 rc2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Rick2600, dookie · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/somplplayer_m3u.rb

This Metasploit module exploits a buffer overflow in Simple Open Music Player v1.0 via a crafted m3u file, allowing arbitrary code execution. It uses a standard stack-based overflow technique with a return address override.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Simple Open Music Player v1.0
No auth needed
Prerequisites: Victim must open the malicious m3u file with the vulnerable software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v4 9.3
EPSS 0.7635
EPSS Percentile 99.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
PMSoftware/Simple Web Server 2.2 rc2
Published Aug 08, 2025
Tracked Since Feb 18, 2026