CVE-2017-9544

CRITICAL

EFS Software Easy Chat Server <3.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-9544. PoCs published by Aitezaz Mohsin, adenkiewicz, Marco Rivoli, Aitezaz Mohsin, including Metasploit module exploits/windows/http/easychatserver_seh.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Easy Chat Server's registration page, leveraging an SEH overwrite to execute shellcode. The payload is delivered via a malformed HTTP POST request to the 'registresult.htm' endpoint.

Description

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Aitezaz Mohsin · pythonremotewindows

https://www.exploit-db.com/exploits/42155

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Easy Chat Server's registration page, leveraging an SEH overwrite to execute shellcode. The payload is delivered via a malformed HTTP POST request to the 'registresult.htm' endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy Chat Server v2.0 to v3.1

No auth needed

Prerequisites: Network access to the target server · Easy Chat Server running a vulnerable version

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by adenkiewicz · poc

https://github.com/adenkiewicz/CVE-2017-9544

View Code ZIP pw:eip

This is a functional exploit for CVE-2017-9544, targeting a SEH-based buffer overflow in Easy Chat Server 3.1. It uses a reverse TCP shell payload generated via msfvenom to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EFS Easy Chat Server 3.1

No auth needed

Prerequisites: Network access to the target server · Knowledge of target IP and port · Listener setup on attacker machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Marco Rivoli, Aitezaz Mohsin · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easychatserver_seh.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in Easy Chat Server during user registration via SEH overwrite. It sends a maliciously crafted POST request to trigger the overflow and execute arbitrary payloads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy Chat Server 2.0 to 3.1

No auth needed

Prerequisites: Network access to the target server · Easy Chat Server running on port 80

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42155/

Scores

CVSS v3 9.8

EPSS 0.2412

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

echatserver/easy_chat_server 2.0 - 3.1

Published Jun 12, 2017

Tracked Since Feb 18, 2026