Advantech WebAccess webvrpcs Service BwWebSvc ProjectName sprintf Buffer Overflow Exploit

The specific flaw exists within the implementation of the 0x13C83 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to memcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-74956
Product Version: 
2015_R1
Released Date: 
Friday, March 18, 2016 - 00:00