CVE-2015-2900

MEDCIN Engine <2.22.20153.226 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2900. PoCs published by securifera.

AI-analyzed exploit summary This is a functional exploit for CVE-2015-2900 targeting the MEDCIN Engine (medcinserv.exe or medcinservv22.exe) version 2.22.20142.166 and prior. It leverages heap manipulation and arbitrary writes to achieve remote code execution via shellcode injection.

Description

The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.

Exploits (1)

nomisec WORKING POC 6 stars

by securifera · poc

https://github.com/securifera/CVE-2015-2900-Exploit

View Code ZIP pw:eip

This is a functional exploit for CVE-2015-2900 targeting the MEDCIN Engine (medcinserv.exe or medcinservv22.exe) version 2.22.20142.166 and prior. It leverages heap manipulation and arbitrary writes to achieve remote code execution via shellcode injection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: MEDCIN Engine (medcinserv.exe or medcinservv22.exe) <= 2.22.20142.166

No auth needed

Prerequisites: Network access to the target service · Target service running a vulnerable version of MEDCIN Engine

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_misc

http://www.securifera.com/advisories/CVE-2015-2898-2901/

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/675052

Scores

EPSS 0.0306

EPSS Percentile 85.9%

Details

CWE

CWE-119

Status published

Products (1)

medicomp/medcin_engine < 2.22.20142.166

Published Oct 29, 2015

Tracked Since Feb 18, 2026