PT-2014-5009 · Acunetix · Acunetix Web Vulnerability Scanner

Published: 2014-04-27 · Updated: 2014-04-28 · CVE-2014-2994

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Acunetix Web Vulnerability Scanner (WVS) version 8 build 20120704

Description

The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by using an HTML file that contains an IMG element with a long URL in the src attribute.

Recommendations

For Acunetix Web Vulnerability Scanner (WVS) version 8 build 20120704, consider avoiding the use of long URLs in the src attribute of IMG elements in HTML files until a patch is available. As a temporary workaround, restrict the processing of HTML files with long URLs in the src attribute to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2014-2994

Affected Products

Acunetix Web Vulnerability Scanner