CVE-2015-7422

MEDIUM

IBM i Access 7.1 - Denial of Service via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7422. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a stack-based buffer overflow in IBM i Access for Windows, leading to arbitrary code execution via direct EIP overwrite or SEH overwrite. It includes three Python scripts targeting different components (ftdwprt.exe, ftdwinvw.exe, PCSWS.exe) with shellcode to spawn calc.exe.

Description

Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/38751

View Code ZIP pw:eip

The exploit demonstrates a stack-based buffer overflow in IBM i Access for Windows, leading to arbitrary code execution via direct EIP overwrite or SEH overwrite. It includes three Python scripts targeting different components (ftdwprt.exe, ftdwinvw.exe, PCSWS.exe) with shellcode to spawn calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM i Access for Windows Release 7.1

No auth needed

Prerequisites: IBM i Access for Windows installed · Local or remote access to the target system

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996

Various Sources vendor-advisory x_refsource_aixapar

http://www-01.ibm.com/support/docview.wss?uid=swg1SI57907

Scores

CVSS v3 5.5

EPSS 0.0081

EPSS Percentile 52.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (1)

ibm/i_access 7.1

Published Jan 02, 2016

Tracked Since Feb 18, 2026