CVE-2015-2097

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2097. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in WebGate eDVR Manager's Connect method via a crafted HTML file. It uses a combination of NOP sleds, shellcode, and SEH overwrite to achieve remote code execution.

Description

Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Praveen Darshanam · htmlremotewindows

https://www.exploit-db.com/exploits/36607

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in WebGate eDVR Manager's Connect method via a crafted HTML file. It uses a combination of NOP sleds, shellcode, and SEH overwrite to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebGate eDVR Manager (WESPSerialPort.dll)

No auth needed

Prerequisites: Victim must open the malicious HTML file in Internet Explorer 8 on Windows XP SP3

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Praveen Darshanam · htmlremotewindows

https://www.exploit-db.com/exploits/36602

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in WESP SDK's ChangePassword function via a maliciously crafted HTML file. It uses a combination of NOP sleds, shellcode, and SEH overwrites to achieve remote code execution on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WESP SDK (package version 1.2)

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable browser (IE6/7/8) · WESP SDK (package version 1.2) must be installed on the target system

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Praveen Darshanam · textremotewindows

https://www.exploit-db.com/exploits/36505

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in WebGate eDVR Manager's WESPMonitor.WESPMonitorCtrl ActiveX control via the LoadImage method. It uses a crafted string to overwrite the SEH handler and execute shellcode for remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl (Version 1.6.42.0)

No auth needed

Prerequisites: Target must have the vulnerable ActiveX control installed · Victim must visit a malicious webpage or open the exploit file

MITRE ATT&CK