CVE-2015-1171

GSM SIM Utility <6.6 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-1171. PoCs published by Osanda Malith Jayathissa, Ruben Alejandro, including Metasploit module exploits/windows/fileformat/gsm_sim.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in Sim Editor v6.6 to execute arbitrary shellcode. It provides two payload options (MS Paint and Bind Shell) and generates a malicious .sms file to trigger the vulnerability.

Description

Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

Exploits (2)

exploitdb WORKING POC

by Osanda Malith Jayathissa · textlocalwindows

https://www.exploit-db.com/exploits/35821

View Code ZIP pw:eip

This exploit leverages a stack-based buffer overflow in Sim Editor v6.6 to execute arbitrary shellcode. It provides two payload options (MS Paint and Bind Shell) and generates a malicious .sms file to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sim Editor v6.6

No auth needed

Prerequisites: Victim must open the malicious .sms file in Sim Editor v6.6

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Ruben Alejandro · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/gsm_sim.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15 by crafting a malicious .sms file. It leverages a known vulnerability (CVE-2015-1171) to execute arbitrary code via a specially formatted payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GSM SIM Editor 5.15

No auth needed

Prerequisites: Victim must open the malicious .sms file in GSM SIM Editor 5.15

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/

Exploit x_refsource_misc

http://packetstormsecurity.com/files/129992/simeditor-overflow.txt

Exploit x_refsource_misc

https://www.youtube.com/watch?v=tljbFpYtDTk

Scores

EPSS 0.6266

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (1)

gsm/sim_card_editor 6.6

Published Aug 28, 2015

Tracked Since Feb 18, 2026