CVE-2014-0980

Publish-It PUI Buffer Overflow (SEH)

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2014-0980. PoCs published by Metasploit, Andrew Smith, Muhamad Fadzil Ramli, including Metasploit module exploits/windows/fileformat/publishit_pui.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Publish-It via a crafted .PUI file, leveraging SEH overwrite for arbitrary code execution. It uses a template file, NOP sleds, and a payload to trigger the vulnerability.

Description

Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/36437

This Metasploit module exploits a stack-based buffer overflow in Publish-It via a crafted .PUI file, leveraging SEH overwrite for arbitrary code execution. It uses a template file, NOP sleds, and a payload to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Publish-It 3.6d
No auth needed
Prerequisites: Victim must open a malicious .PUI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Andrew Smith · pythonlocalwindows
https://www.exploit-db.com/exploits/36104

This exploit targets a buffer overflow vulnerability in Publish-It 3.6d, leveraging SEH (Structured Exception Handler) overwrites to achieve remote code execution. The payload is embedded in a malformed file designed to trigger the vulnerability when processed by the target software.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Publish-It 3.6d
No auth needed
Prerequisites: Target system running Publish-It 3.6d · Ability to deliver malicious file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Muhamad Fadzil Ramli · rubylocalwindows
https://www.exploit-db.com/exploits/31524

This exploit targets a SEH buffer overflow vulnerability in Publish-It 3.6d by crafting a malicious .pui file. The exploit leverages a long string of bytes to trigger the overflow, potentially allowing arbitrary code execution when the file is opened with 'Automatic Preview' enabled.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Publish-It v3.6d
No auth needed
Prerequisites: Automatic Preview option enabled in Publish-It · Victim must open the malicious .pui file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Core Security · textdoswindows
https://www.exploit-db.com/exploits/31461

This advisory describes a buffer overflow vulnerability in Publish-It software when processing .PUI files, allowing arbitrary code execution. The proof of concept demonstrates control over the EIP register with a crafted file.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Publish-It v3.6d
No auth needed
Prerequisites: User interaction to open a malicious .PUI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Daniel Kazimirow, Andrew Smith · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/publishit_pui.rb

This Metasploit module exploits a stack-based buffer overflow in Publish-It 3.6d via a crafted .PUI file, leveraging SEH overwrites to achieve remote code execution. The exploit constructs a malicious file with a payload, NOPs, and a structured exception handler bypass.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Publish-It 3.6d
No auth needed
Prerequisites: Victim must open the malicious .PUI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90989
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Feb/34
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/125089
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31461
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65366
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/102911
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530943/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56618

Scores

EPSS 0.4036
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (1)
poster_software/publish_it 3.6d
Published Feb 11, 2014
Tracked Since Feb 18, 2026