CVE-2015-2098

HIGH

WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2098. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in WebGate eDVR Manager via the SiteChannel property of WESPPlaybackCtrl. It uses a crafted string with NOP sleds and shellcode to achieve remote code execution on vulnerable systems.

Description

Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Praveen Darshanam · htmlremotewindows
https://www.exploit-db.com/exploits/36606

This exploit targets a stack buffer overflow in WebGate eDVR Manager via the SiteChannel property of WESPPlaybackCtrl. It uses a crafted string with NOP sleds and shellcode to achieve remote code execution on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebGate eDVR Manager 2.6.4
No auth needed
Prerequisites: Vulnerable version of WebGate eDVR Manager · Internet Explorer 6/7/8 on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Praveen Darshanam · htmlremotewindows
https://www.exploit-db.com/exploits/36603

This exploit targets a stack buffer overflow in WebGate eDVR Manager via the AudioOnlySiteChannel property. It uses a crafted HTML file with JavaScript to trigger the vulnerability, leading to arbitrary code execution via shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebGate eDVR Manager 2.6.4
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable browser (IE6/7/8)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Praveen Darshanam · htmlremotewindows
https://www.exploit-db.com/exploits/36519

This exploit targets a stack-based buffer overflow in WebGate eDVR Manager's WESPPlayback.WESPPlaybackCtrl.1 ActiveX control via the SiteName property. It leverages SEH overwrite with a custom payload to achieve remote code execution (calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebGate eDVR Manager 2.6.4
No auth needed
Prerequisites: Target must have WebGate eDVR Manager 2.6.4 installed · Target must access the malicious HTML file via Internet Explorer 6/7/8
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-058/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-060/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-061/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-064/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-065/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-066/

Scores

CVSS v3 8.8
EPSS 0.1398
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (1)
webgateinc/edvr_manager
Published Jul 22, 2021
Tracked Since Feb 18, 2026