CVE-2012-1465

NetMechanica NetDecision < 4.5.1 - Denial of Service via Long URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-1465. PoCs published by Metasploit, SecPod Research, Luigi Auriemma, sinn3r, including Metasploit module auxiliary/scanner/http/netdecision_traversal.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in NetDecision 4.5.1 HTTP Server by sending a maliciously crafted GET request with a long URI. The exploit leverages SEH overwrites to achieve remote code execution, requiring the victim to be interacting with the HttpSvr window.

Description

Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18604

This Metasploit module exploits a buffer overflow in NetDecision 4.5.1 HTTP Server by sending a maliciously crafted GET request with a long URI. The exploit leverages SEH overwrites to achieve remote code execution, requiring the victim to be interacting with the HttpSvr window.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NetDecision 4.5.1 HTTP Server
No auth needed
Prerequisites: Victim must be interacting with the HttpSvr window · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SecPod Research · pythondoswindows
https://www.exploit-db.com/exploits/18541

This exploit sends a maliciously crafted HTTP GET request with an excessively long filename (1276 'A' characters) to trigger a denial-of-service condition in Netmechanica NetDecision HTTP Server version 4.5.1. The vulnerability arises from improper validation of long HTTP requests, causing the service to crash.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Netmechanica NetDecision HTTP Server version 4.5.1
No auth needed
Prerequisites: Network access to the target server · Target server running Netmechanica NetDecision HTTP Server version 4.5.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Luigi Auriemma, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/netdecision_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in NetDecision's TrafficGrapherServer.exe service by using a sequence of '...\' to traverse directories and retrieve arbitrary files from the server.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: NetDecision NOCVision Server (TrafficGrapherServer.exe)
No auth needed
Prerequisites: Network access to the target server · TrafficGrapherServer.exe service running on port 8087 or 8090
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Prabhu S Angadi, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/netdecision_http_bof.rb

This Metasploit module exploits a buffer overflow vulnerability in NetDecision 4.5.1 HTTP Server by sending a crafted HTTP GET request with a long URI to achieve remote code execution. The exploit leverages a SEH overwrite technique and requires the victim to be interacting with the HttpSvr window.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: NetDecision 4.5.1 HTTP Server
No auth needed
Prerequisites: Victim must be interacting with the HttpSvr window · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52194
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79651
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73528
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52208
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18541
Various Sources x_refsource_confirm
http://www.netmechanica.com/news/?news_id=26
Exploit x_refsource_misc
http://secpod.org/blog/?p=484
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48168

Scores

EPSS 0.2740
EPSS Percentile 97.8%

Details

CWE
CWE-119
Status published
Products (1)
netmechanica/netdecision < 4.5.1
Published Mar 19, 2012
Tracked Since Feb 18, 2026