Vulnerability Description
Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webgateinc | Edvr Manager | 2.6.4 |
References
- http://www.securityfocus.com/bid/72849
- http://www.zerodayinitiative.com/advisories/ZDI-15-069/
- http://www.securityfocus.com/bid/72849
- http://www.zerodayinitiative.com/advisories/ZDI-15-069/
FAQ
What is CVE-2015-2096?
CVE-2015-2096 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP ad...
How severe is CVE-2015-2096?
CVE-2015-2096 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2096?
Check the references section above for vendor advisories and patch information. Affected products include: Webgateinc Edvr Manager.