CVE-2013-6935

VideoCharge Watermark Master 2.2.23 - Remote Code Execution via Long SourcePath in WCF File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-6935. PoCs published by metacom, metacom, Andrew Smith, including Metasploit module exploits/windows/fileformat/watermark_master.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in Watermark Master 2.2.23 via a maliciously crafted .wcf file. It uses an SEH overwrite technique with a custom ROP chain to execute arbitrary shellcode, which in this case spawns calc.exe.

Description

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by metacom · pythonlocalwindows

https://www.exploit-db.com/exploits/29327

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in Watermark Master 2.2.23 via a maliciously crafted .wcf file. It uses an SEH overwrite technique with a custom ROP chain to execute arbitrary shellcode, which in this case spawns calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Watermark Master 2.2.23

No auth needed

Prerequisites: Victim must open the malicious .wcf file in Watermark Master

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by metacom, Andrew Smith · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/watermark_master.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Watermark Master 2.2.23 via a maliciously crafted .WCF file. It leverages SEH overwrites to achieve remote code execution on Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Watermark Master 2.2.23

No auth needed

Prerequisites: Victim must open a malicious .WCF file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/29327

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/133899/Watermark-Master-Buffer-Overflow-SEH.html

Scores

EPSS 0.3235

EPSS Percentile 98.1%

Details

CWE

CWE-119

Status published

Products (1)

videocharge/watermark_master 2.2.23

Published Dec 04, 2013

Tracked Since Feb 18, 2026