CVE-2010-20114

HIGH

VariCAD EN <2010-2.05 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-20114. PoCs published by n00b, n00b, dookie, MC, jduck, including Metasploit module exploits/windows/fileformat/varicad_dwb.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow in VariCAD 2010-2.05 EN via a malicious .DWB file, leveraging a memcpy() overflow to overwrite exception handlers and execute shellcode. The PoC includes shellcode for both a calculator payload and a bind shell.

Description

VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by n00b · clocalmultiple

https://www.exploit-db.com/exploits/11789

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow in VariCAD 2010-2.05 EN via a malicious .DWB file, leveraging a memcpy() overflow to overwrite exception handlers and execute shellcode. The PoC includes shellcode for both a calculator payload and a bind shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VariCAD 2010-2.05 EN

No auth needed

Prerequisites: VariCAD 2010-2.05 EN installed · User interaction to open malicious .DWB file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by n00b, dookie, MC, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/varicad_dwb.rb