The SimpleServer:WWW personal webserver package from AnalogX can be compromised due to an overflowable buffer. If a GET request longer than 1000 bytes is received, the software will crash and data from the request gets pased to the EIP, meaning that an exploit could be created to run arbitrary code.
GET [1000 bytes] HTTP/1.1
AnalogX SimpleServer:WWW GET Request Remote Overflow
Remote / Network Access
Loss of Integrity
AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to execute arbitrary code on the server. The issue is due to the web server not properly sanitizing GET requests. If an attacker sends a sepcially crafted GET request longer than 1000 bytes, they can overflow a buffer to execute arbitrary code.
Upgrade to version 1.02 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.