CVE-2014-2994

Acunetix Web Vulnerability Scanner 8 build 20120704 - Stack-Based Buffer Overflow via IMG Element URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2994. PoCs published by An7i.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Acunetix Web Vulnerability Scanner 8 (build 20120704). It crafts a malicious HTML file that, when scanned, triggers a stack-based overflow via a long href attribute, leading to arbitrary code execution (e.g., calculator or bind shell).

Description

Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).

Exploits (1)

exploitdb WORKING POC
by An7i · python · remote · windows
https://www.exploit-db.com/exploits/32997


Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Acunetix Web Vulnerability Scanner 8 (build 20120704)
No auth needed
Prerequisites: Victim must scan a malicious HTML file hosted by the attacker · WINHTTP.dll must be present at the expected address (no ASLR)
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.2622
EPSS Percentile 97.7%

Details

CWE: CWE-119
Status: published
Products (1): acunetix/web_vulnerability_scanner 8 build_20120704
Published: Apr 27, 2014
Tracked Since: Feb 18, 2026