CVE-2015-2094

Name of the Vulnerable Software and Affected Versions WebGate WinRDS (affected versions not specified)

Description The issue is a stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control, allowing remote attackers to execute arbitrary code. This can be achieved via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.

Recommendations As a temporary workaround, consider disabling the PrintSiteImage(), PlaySiteAllChannel(), StopSiteAllChannel(), and SaveSiteImage() functions until a patch is available. Restrict access to the WESPPlayback.WESPPlaybackCtrl.1 control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.