CVE-2014-2994
published 2014-04-27CVE-2014-2994: Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file…
PriorityP258critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
26.22%
97.7th percentile
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acunetix | web_vulnerability_scanner | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49
- →The exploit is triggered by an HTML file containing an IMG element with a long URL in the src attribute, delivered via an external host. Detect scanning of HTML files with anomalously long IMG src attribute values (stack overflow trigger). ↗
- →The exploit payload uses x86/alpha_mixed encoding (alphanumeric shellcode). Network or file-based detection should look for large blocks of printable ASCII shellcode bytes embedded in HTML IMG src attributes. ↗
- →The malicious HTML file must be hosted on an external server and the victim (Acunetix WVS 8 build 20120704) must be configured to scan an external host to trigger the vulnerability. ↗
- →Bind shell payload opens TCP port 4444 on the victim. Monitor for unexpected listening services on port 4444 on hosts running Acunetix WVS. ↗
- ·Vulnerability is specific to Acunetix WVS version 8, build 20120704 only. Other builds or versions are not confirmed affected. ↗
- ·The exploit was tested only on Windows XP SP2 (English). Exploitation reliability on other Windows versions is unconfirmed. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Acunetix Web Vulnerability Scanner URL Conversion memory corruption (EDB-32997 / ID 122047)
vuldb·2026-05-12·CVSS 10.0
CVE-2014-2994 [CRITICAL] Acunetix Web Vulnerability Scanner URL Conversion memory corruption (EDB-32997 / ID 122047)
A vulnerability was found in Acunetix Web Vulnerability Scanner. It has been classified as critical. Affected is an unknown function of the component URL Conversion Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2014-2994. The attack is possible to be carried out remotely. Moreover, an exploit is present. This vulnerability is considered historic because of its background and reception.
GHSA
GHSA-r3r3-jh75-c3jc: Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML
ghsa_unreviewed·2022-05-17
CVE-2014-2994 [HIGH] CWE-119 GHSA-r3r3-jh75-c3jc: Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
No detection rules found.
No writeups or analysis indexed.
http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.htmlhttp://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.htmlhttp://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/http://www.exploit-db.com/exploits/32997https://www.youtube.com/watch?v=RHaMx8K1GeMhttp://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.htmlhttp://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.htmlhttp://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/http://www.exploit-db.com/exploits/32997https://www.youtube.com/watch?v=RHaMx8K1GeM
2014-04-27
Published