Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
Published 2004-02-06 05:00:00
Updated 2017-07-11 01:31:37
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2004-2086

Probability of exploitation activity in the next 30 days: 27.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2004-2086

  • Sambar 6 Search Results Buffer Overflow
    Disclosure Date: 2003-06-21
    First seen: 2020-04-26
    exploit/windows/http/sambar6_search_results
    This module exploits a buffer overflow found in the /search/results.stm application that comes with Sambar 6. This code is a direct port of Andrew Griffiths's SMUDGE exploit, the only changes made were to the nops and payload. This exploit causes the service to die, wh

CVSS scores for CVE-2004-2086

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST

References for CVE-2004-2086

Products affected by CVE-2004-2086

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!