What is CVE-2014-2994?

CVE-2014-2994 is a vulnerability in Acunetix Web_vulnerability_scanner, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-04-27.

Is CVE-2014-2994 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Acunetix Web_vulnerability_scanner

CVE-2014-2994

Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).

Vulnerability class: Buffer Overflow

EPSS: 0.568 (98.2th percentile) — read the EPSS interpretation.

Affected products

Acunetix Web_vulnerability_scanner — versions 8
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
32997 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-2994?: CVE-2014-2994 is a vulnerability in Acunetix Web_vulnerability_scanner, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-04-27.
Is CVE-2014-2994 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.