CVE-2008-1914
CVE-2008-1914
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 73.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
15 Apr 2008Metasploit module available
22 Apr 2008Published on NVD
15 Sep 2009Public PoC
Weaponization speed
511 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/apublic PoCs found — 5
exploitdbwww.exploit-db.com/exploits/16430unverifiedcve_referencewww.exploit-db.com/exploits/5451unverifiedexploitdbwww.exploit-db.com/exploits/9673unverifiedexploitdbwww.exploit-db.com/exploits/9690unverifiedexploitdbwww.exploit-db.com/exploits/16431unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/29831https://exchange.xforce.ibmcloud.com/vulnerabilities/41830https://www.exploit-db.com/exploits/5451http://www.securityfocus.com/archive/1/490916/100/0/threadedhttp://www.securityfocus.com/archive/1/491035/100/0/threadedhttp://www.securityfocus.com/bid/28795http://www.vupen.com/english/advisories/2008/1238/references