CVE-2010-20114
HIGHVariCAD EN <2010-2.05 - Buffer Overflow
Title source: llmDescription
VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.
Exploits (2)
metasploit
WORKING POC
GREAT
by n00b, dookie, MC, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/varicad_dwb.rb
References (7)
Scores
CVSS v4
8.4
EPSS
0.0815
EPSS Percentile
92.2%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Details
CWE
CWE-121
Status
published
Products (1)
VariCAD/VariCAD EN
< 2010-2.05
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026