Vulnerabilities > CVE-2004-2221 - Buffer Overflow vulnerability in Mercantec Softcart 4.00B

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mercantec
exploit available
metasploit
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.

Vulnerable Configurations

Part Description Count
Application
Mercantec
1

Exploit-Db

  • descriptionMercantec SoftCart CGI Overflow. CVE-2004-2221. Remote exploit for windows platform
    idEDB-ID:16926
    last seen2016-02-02
    modified2010-09-20
    published2010-09-20
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16926/
    titleMercantec SoftCart CGI Overflow
  • descriptionMercantec SoftCart 4.00b CGI Overflow. CVE-2004-2221. Webapps exploit for cgi platform
    idEDB-ID:10037
    last seen2016-02-01
    modified2004-08-19
    published2004-08-19
    reporterskape
    sourcehttps://www.exploit-db.com/download/10037/
    titleMercantec SoftCart 4.00b - CGI Overflow

Metasploit

descriptionThis is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
idMSF:EXPLOIT/BSDI/SOFTCART/MERCANTEC_SOFTCART
last seen2020-05-23
modified2017-07-24
published2006-12-14
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2221
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/bsdi/softcart/mercantec_softcart.rb
titleMercantec SoftCart CGI Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82225/mercantec_softcart.rb.txt
idPACKETSTORM:82225
last seen2016-12-05
published2009-10-27
reportertrew
sourcehttps://packetstormsecurity.com/files/82225/Mercantec-Softcart-CGI-Overflow.html
titleMercantec Softcart CGI Overflow

References