MitreCVE-2015-2094

HistoryMar 09, 2015 - 2:59 p.m.

CVE-2015-2094

2015-03-0914:59:12

CWE-119

mitre

web.nvd.nist.gov

cve-2015-2094

stack-based buffer overflow

webgate winrds

remote code execution

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.898

Percentile

98.8%

JSON

Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.

Affected configurations

Nvd

Node

webgateincwinrds

VendorProductVersionCPE
webgateincwinrds*cpe:2.3:a:webgateinc:winrds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
webgateinc	winrds	*	cpe:2.3:a:webgateinc:winrds::::::::

References

packetstormsecurity.com/files/131069/WebGate-WinRDS-2.0.8-StopSiteAllChannel-Stack-Overflow.html

www.osvdb.org/118905

www.osvdb.org/118906

www.osvdb.org/118907

www.osvdb.org/118908

www.securityfocus.com/bid/72841

www.zerodayinitiative.com/advisories/ZDI-15-071/

www.zerodayinitiative.com/advisories/ZDI-15-072/

www.zerodayinitiative.com/advisories/ZDI-15-073/

www.zerodayinitiative.com/advisories/ZDI-15-074/

www.exploit-db.com/exploits/36517/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.9

Confidence

High

EPSS

0.898

Percentile

98.8%

JSON

Related for CVE-2015-2094