CVE-2013-2492

Firebird <2.1.5-2.5.3 - Buffer Overflow


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2492. The PoCs are published by Metasploit and include the Metasploit module exploits/windows/misc/fb_cnct_group.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Firebird SQL Server (CVE-2013-2492) by sending a crafted CNCT packet to overwrite a pointer, leading to arbitrary code execution via a ROP chain that bypasses DEP.

Description

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby, local, windows
https://www.exploit-db.com/exploits/41709

This Metasploit module exploits a buffer overflow in Firebird SQL Server (CVE-2013-2492) by sending a crafted CNCT packet to overwrite a pointer, leading to arbitrary code execution via a ROP chain that bypasses DEP.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Firebird SQL Server (versions 2.5.2.26539, 2.5.1.26351, 2.1.5.18496, 2.1.4.18393)
No auth needed
Prerequisites: Network access to Firebird SQL Server (default port 3050)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb

This Metasploit module exploits a buffer overflow in Firebird SQL Server via a crafted CNCT packet, allowing remote code execution through a ROP chain that bypasses DEP. The exploit leverages a stack pivot and existing memcpy calls to achieve arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Firebird SQL Server (versions 2.5.2.26539, 2.5.1.26351, 2.1.5.18496, 2.1.4.18393)
No auth needed
Prerequisites: Network access to Firebird SQL Server on port 3050
devstral-2 · analyzed Feb 19, 2026

References (9)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-11
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58393
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2648
Exploit, Vendor Advisory x_refsource_confirm
http://tracker.firebirdsql.org/browse/CORE-4058
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2647

Scores

EPSS 0.4217
EPSS Percentile 98.5%

Details

CWE: CWE-119
Status: published
Products (6)
firebirdsql/firebird 2.1.3
firebirdsql/firebird 2.1.4
firebirdsql/firebird 2.1.5
firebirdsql/firebird 2.5.1
firebirdsql/firebird 2.5.2
firebirdsql/firebird 2.5.3
Published Mar 15, 2013
Tracked Since Feb 18, 2026