CVE-2015-2099

HIGH

WebGate Control Center RCE via Buffer Overflow in FileConverter/LoginController/WESPPlayback

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2099. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in WebGate Control Center 4.8.7 via the GetThumbnail method in WESPPlayback.dll. It leverages SEH overwrite with a jump to shellcode, executing a calc.exe payload.

Description

Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control.

Exploits (1)

exploitdb WORKING POC
by Praveen Darshanam · htmlremotewindows
https://www.exploit-db.com/exploits/36518

This exploit targets a stack overflow vulnerability in WebGate Control Center 4.8.7 via the GetThumbnail method in WESPPlayback.dll. It leverages SEH overwrite with a jump to shellcode, executing a calc.exe payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebGate Control Center 4.8.7
No auth needed
Prerequisites: Target must have WebGate Control Center 4.8.7 installed · Victim must open the malicious HTML file in a vulnerable browser (IE 6/7/8)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-055/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-056/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-063/

Scores

CVSS v3 8.8
EPSS 0.1407
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (1)
webgateinc/control_center
Published Jul 22, 2021
Tracked Since Feb 18, 2026