CVE-2012-6275

BigAntSoft BigAnt IM Message Server - Stack-Based Buffer Overflow via SCH or DUPF Request


Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6275. PoCs were published by Metasploit, Hamburgers Maccoy and juan vazquez, including the Metasploit module exploits/windows/misc/bigant_server_sch_dupf_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7 via crafted SCH and DUPF requests, achieving remote code execution. It uses ROP techniques for Windows 2003 SP2 and direct EIP control for Windows XP SP3.

Description

Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby, remote, windows
https://www.exploit-db.com/exploits/24527

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7 via crafted SCH and DUPF requests, achieving remote code execution. It uses ROP techniques for Windows 2003 SP2 and direct EIP control for Windows XP SP3.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.97 SP7
No auth needed
Prerequisites: Network access to BigAnt Server on port 6661
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by Hamburgers Maccoy, juan vazquez · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7 by sending maliciously crafted SCH and DUPF requests, leading to remote code execution. The exploit leverages ROP chains and precise memory manipulation to bypass protections and execute payloads.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BigAnt Server 2.97 SP7
No auth needed
Prerequisites: Network access to the target server on port 6661
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/990652

Scores

EPSS 0.4650
EPSS Percentile 98.7%

Details

CWE: CWE-119
Status: published
Products (1): bigantsoft/bigant_im_message_server
Published: Feb 24, 2013
Tracked Since: Feb 18, 2026