CVE-2013-6937

VideoCharge Watermark Master 2.2.23 - Remote Code Execution via Long Name Attribute in .wstyle File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6937. PoCs published by Mike Czumak.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in Watermark Master v2.2.23 by crafting a malicious .wstyle file. It overwrites the SEH handler to execute arbitrary code, specifically launching calc.exe via an alpha-numeric encoded payload.

Description

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mike Czumak · pythonlocalwindows

https://www.exploit-db.com/exploits/29594

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in Watermark Master v2.2.23 by crafting a malicious .wstyle file. It overwrites the SEH handler to execute arbitrary code, specifically launching calc.exe via an alpha-numeric encoded payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Watermark Master v2.2.23

No auth needed

Prerequisites: Access to the target system to place the malicious .wstyle file in the Video Styles folder · User interaction to apply the malicious style in Watermark Master

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/29594

Scores

EPSS 0.0333

EPSS Percentile 87.0%

Details

CWE

CWE-119

Status published

Products (1)

videocharge/watermark_master 2.2.23

Published Dec 04, 2013

Tracked Since Feb 18, 2026