CVE-2014-8386

Advantech AdamView < 4.3 - Remote Code Execution via Crafted GNI File Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8386. PoCs published by Muhamad Fadzil Ramli.

AI-analyzed exploit summary This exploit leverages a SEH-based buffer overflow in Advantech AdamView's .gni file parser to achieve remote code execution. The payload is crafted to bypass bad characters and includes a custom shellcode.

Description

Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.

Exploits (1)

exploitdb WORKING POC

by Muhamad Fadzil Ramli · rubylocalwindows

https://www.exploit-db.com/exploits/35503

View Code ZIP pw:eip

This exploit leverages a SEH-based buffer overflow in Advantech AdamView's .gni file parser to achieve remote code execution. The payload is crafted to bypass bad characters and includes a custom shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Advantech AdamView 4.30.003

No auth needed

Prerequisites: Victim must open a malicious .gni file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Nov/57

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35503

Exploit x_refsource_misc

http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow

Scores

EPSS 0.0592

EPSS Percentile 92.3%

Details

CWE

CWE-119

Status published

Products (1)

advantech/adamview < 4.3

Published Jan 20, 2015

Tracked Since Feb 18, 2026