EIP-2026-118658

PRE-CVE

httpdx 1.5.4 - Remote Heap Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118658. PoCs published by st3n.

AI-analyzed exploit summary This Perl script exploits a remote heap overflow in httpdx <= 1.5.4 by sending a maliciously crafted POST request with a large Content-Length header. It overwrites the _VECTORED_EXCEPTION_NODE structure to redirect execution to shellcode, achieving remote code execution (RCE).

Description

httpdx 1.5.4 - Remote Heap Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by st3n · perlremotewindows

https://www.exploit-db.com/exploits/20120

View Code ZIP pw:eip

This Perl script exploits a remote heap overflow in httpdx <= 1.5.4 by sending a maliciously crafted POST request with a large Content-Length header. It overwrites the _VECTORED_EXCEPTION_NODE structure to redirect execution to shellcode, achieving remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: httpdx <= 1.5.4

No auth needed

Prerequisites: Network access to the target httpdx server · A valid page (e.g., test.pl) configured in httpdx.conf

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026