cbcvebase.
CVE-2014-9208
published 2015-09-11

CVE-2014-9208: Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown…

PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
9.26%
94.7th percentile
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.

Affected

1 ranges
VendorProductVersion rangeFixed in
advantechwebaccess<= 8.0

Detection & IOCsextracted from sources · hover to see the quote

filenameAspVCObj.dll
commandtarget.UpdateProject arg1, arg2, String(1044, "A"), arg4, arg5, arg6
commandtarget.InterfaceFilter String(1044, "A")
commandtarget.FileProcess 1, String(1044, "A")
commandtarget.GetWideStrCpy 1, String(1044, "A")
commandtarget.GetRecipeInfo 1, String(1044, "A")
commandtarget.GetLastTagNbr String(1044, "A")
commandtarget.ConvToSafeArray 1, String(2068, "A")
  • Monitor for ActiveX method calls to ASPVCOBJLib.AspDataDriven (AspVCObj.dll) with oversized string arguments (~1044 or ~2068 bytes) to methods: UpdateProject, InterfaceFilter, FileProcess, GetWideStrCpy, GetRecipeInfo, GetLastTagNbr, ConvToSafeArray — indicative of stack-based buffer overflow exploitation.
  • Publicly available exploits exist for this vulnerability; treat any inbound interaction with Advantech WebAccess ActiveX components from untrusted/internet-facing sources as high-risk.
  • An attacker with low skill would be able to exploit this vulnerability — lower the detection threshold accordingly for WebAccess-exposed systems.
  • ·All vulnerable methods reside in AspVCObj.dll within the ASPVCOBJLib.AspDataDriven ActiveX control; the overflow trigger buffer sizes differ per method (1044 bytes for most, 2068 bytes for ConvToSafeArray).
  • ·Affected versions are WebAccess 8.0 and all prior versions; the fixed version is WebAccess 8.0_20150816.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.