CVE-2017-9544
CRITICAL
EFS Software Easy Chat Server <3.1 - Buffer Overflow
Title source: llm
Description
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Aitezaz Mohsin · python · remote · windows
https://www.exploit-db.com/exploits/42155
metasploit
WORKING POC
NORMAL
by Marco Rivoli, Aitezaz Mohsin · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easychatserver_seh.rb
Scores
CVSS v3
9.8
EPSS
0.7959
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
echatserver/easy_chat_server
2.0 - 3.1
Published
Jun 12, 2017
Tracked Since
Feb 18, 2026