CVE-2014-9208

Advantech WebAccess <8.0.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9208. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary The exploit demonstrates multiple buffer overflow vulnerabilities in Advantech WebAccess ActiveX controls, allowing remote code execution via crafted strings passed to vulnerable methods like UpdateProject, InterfaceFilter, and ConvToSafeArray.

Description

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.

Exploits (1)

exploitdb WORKING POC

by Praveen Darshanam · textdoswindows

https://www.exploit-db.com/exploits/38108

View Code ZIP pw:eip

The exploit demonstrates multiple buffer overflow vulnerabilities in Advantech WebAccess ActiveX controls, allowing remote code execution via crafted strings passed to vulnerable methods like UpdateProject, InterfaceFilter, and ConvToSafeArray.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Advantech WebAccess 8.0, 3.4.3

No auth needed

Prerequisites: Target system with vulnerable Advantech WebAccess installed · ActiveX controls enabled in browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38108/

Scores

EPSS 0.0926

EPSS Percentile 94.7%

Details

CWE

CWE-119

Status published

Products (1)

advantech/webaccess < 8.0

Published Sep 11, 2015

Tracked Since Feb 18, 2026