CVE-2014-4158

Kolibri 2.0 - Remote Code Execution via Long URI in GET Request

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4158. PoCs published by Revin Hadi Saputra, Polunchis.

AI-analyzed exploit summary: This exploit targets an SEH overflow vulnerability in Kolibri WebServer 2.0 via a malformed HTTP GET request. It uses an egghunter to locate and execute shellcode, achieving remote code execution.

Description

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Revin Hadi Saputra · python · remote · windows
https://www.exploit-db.com/exploits/34059

This exploit targets an SEH overflow vulnerability in Kolibri WebServer 2.0 via a malformed HTTP GET request. It uses an egghunter to locate and execute shellcode, achieving remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Kolibri WebServer 2.0
No auth needed
Prerequisites: Network access to the target server · Kolibri WebServer 2.0 running on a vulnerable OS
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Polunchis · python · remote · windows
https://www.exploit-db.com/exploits/33027

This exploit triggers a stack-based buffer overflow in Kolibri 2.0 via a maliciously crafted GET request, leading to remote code execution. It uses a Meterpreter bind shell payload and targets a specific return address to execute arbitrary code.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Kolibri 2.0
No auth needed
Prerequisites: Network access to the target server · Kolibri 2.0 running on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68195
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/70808
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33027
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/108090
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34059

Scores

EPSS 0.1430
EPSS Percentile 96.1%

Details

CWE: CWE-119
Status: published
Products (1): senkas/kolibri 2.0
Published: Jun 13, 2014
Tracked Since: Feb 18, 2026