CVE-2015-2094
published 2015-03-09CVE-2015-2094: Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified…
PriorityP259high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
14.01%
96.1th percentile
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for instantiation of the ActiveX control 'WESPPlayback.WESPPlaybackCtrl.1' in browser or script contexts, which is the vulnerable control exploited in CVE-2015-2094. ↗
- →Alert on calls to the functions PrintSiteImage, PlaySiteAllChannel, StopSiteAllChannel, or SaveSiteImage on the WESPPlayback ActiveX control, particularly with large or malformed arguments (e.g., NOP sleds and shellcode buffers passed as string arguments). ↗
- →Exploit PoCs use JavaScript variable-length string buffers (nops + shellcode + buff2) passed to PlaySiteAllChannel and StopSiteAllChannel — inspect script content in web pages for large repeated-character string construction targeting these method names. ↗
- ·The vulnerable version confirmed in public exploit PoCs is WebGate WinRDS 2.0.8; detections should be scoped to this version but may apply to other versions of the WESPPlayback ActiveX control. ↗
- ·The NVD advisory notes exploitation vectors are 'unspecified', meaning the exact input vector beyond the four named functions is not fully documented; detection coverage should encompass all four vulnerable methods. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow
exploitdb·2015-04-02
CVE-2015-2094 WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow
---
var arg1 = "";
var arg2 = 1;
var arg3 = 1;
var nops = "";
var shellcode = "";
var buff2 = "";
for (i=0; i
Exploit-DB
WebGate WinRDS 2.0.8 - StopSiteAllChannel Stack Overflow
exploitdb·2015-03-27
CVE-2015-2094 WebGate WinRDS 2.0.8 - StopSiteAllChannel Stack Overflow
WebGate WinRDS 2.0.8 - StopSiteAllChannel Stack Overflow
---
WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 StopSiteAllChannel Stack Buffer Overflow Vulnerability (0Day)
var buff1 = "";
var nops = "";
var buff2 = "";
for (i=0;i
No writeups or analysis indexed.
http://packetstormsecurity.com/files/131069/WebGate-WinRDS-2.0.8-StopSiteAllChannel-Stack-Overflow.htmlhttp://www.osvdb.org/118905http://www.osvdb.org/118906http://www.osvdb.org/118907http://www.osvdb.org/118908http://www.securityfocus.com/bid/72841http://www.zerodayinitiative.com/advisories/ZDI-15-071/http://www.zerodayinitiative.com/advisories/ZDI-15-072/http://www.zerodayinitiative.com/advisories/ZDI-15-073/http://www.zerodayinitiative.com/advisories/ZDI-15-074/https://www.exploit-db.com/exploits/36517/http://packetstormsecurity.com/files/131069/WebGate-WinRDS-2.0.8-StopSiteAllChannel-Stack-Overflow.htmlhttp://www.osvdb.org/118905http://www.osvdb.org/118906http://www.osvdb.org/118907http://www.osvdb.org/118908http://www.securityfocus.com/bid/72841http://www.zerodayinitiative.com/advisories/ZDI-15-071/http://www.zerodayinitiative.com/advisories/ZDI-15-072/http://www.zerodayinitiative.com/advisories/ZDI-15-073/http://www.zerodayinitiative.com/advisories/ZDI-15-074/https://www.exploit-db.com/exploits/36517/
2015-03-09
Published