CVE-2014-0773 in WebAccess
Summary
by MITRE
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess”. This method contains validation intended to ensure that an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed, allowing arbitrary command lines to be run. The command line can specify running remote files (example: UNC command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user-specified command line. If “\setup.exe”, “\bwvbprt.exe”, or “\bwvbprtl.exe” is contained in the command line (strstr returns a nonzero value), the command line passes validation and is then passed to CreateProcessA.
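The substring check described above, next to a stricter whole-string comparison, as an added example (not code from bwocxrun.ocx or from the vendor's fix). The function names, the install directory C:\WebAccess\Node and the sample host name are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The three markers the page lists for the strstr() checks. */
static const char *const MARKERS[] = {
    "\\setup.exe", "\\bwvbprt.exe", "\\bwvbprtl.exe"
};
enum { N_MARKERS = sizeof MARKERS / sizeof MARKERS[0] };

/* Check as described on the page: pass if a marker occurs anywhere. */
int substring_check(const char *cmdline) {
    for (size_t i = 0; i < N_MARKERS; i++)
        if (strstr(cmdline, MARKERS[i]) != NULL)
            return 1;
    return 0;
}

/* Portable case-insensitive equality (Windows paths ignore case). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Stricter check: the whole command line must equal
 * <install_dir><marker>, so UNC paths, other directories and
 * trailing arguments are all rejected. install_dir is an assumption. */
int strict_check(const char *cmdline, const char *install_dir) {
    char expected[260];
    for (size_t i = 0; i < N_MARKERS; i++) {
        int n = snprintf(expected, sizeof expected, "%s%s",
                         install_dir, MARKERS[i]);
        if (n > 0 && (size_t)n < sizeof expected && ieq(cmdline, expected))
            return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed inputs; host, share and install directory are made up. */
    const char *dir = "C:\\WebAccess\\Node";
    const char *unc = "\\\\fileserver.example\\share\\setup.exe";
    const char *local = "C:\\WebAccess\\Node\\setup.exe";
    printf("unc:   substring=%d strict=%d\n", substring_check(unc), strict_check(unc, dir));
    printf("local: substring=%d strict=%d\n", substring_check(local), strict_check(local, dir));
    return 0;
}
```

On Windows the matched full path would then be passed to CreateProcessA as lpApplicationName, so the API does not have to parse the program name out of the command line.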
Analysis
by VulDB Data Team • 05/10/2026
The CVE-2014-0773 vulnerability represents a critical privilege escalation and remote code execution flaw within Advantech WebAccess software versions prior to 7.2. This vulnerability exists in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control, specifically within the CreateProcess method that handles external program execution. The flaw allows remote attackers to manipulate the execution flow of critical system components by leveraging specially crafted arguments that specify arbitrary pathnames, particularly UNC share paths. This vulnerability is particularly concerning as it enables attackers to execute three specific programs, including setup.exe, which typically contains installation and configuration utilities that could be exploited for system compromise.
The technical implementation of this vulnerability stems from inadequate input validation within the ActiveX control's CreateProcess method. When the control receives a crafted argument containing a pathname, it fails to properly sanitize or validate the input before executing the specified program. The vulnerability specifically targets the execution of the setup.exe, bwvbprt.exe, and bwvbprtl.exe programs, which are part of Advantech WebAccess's component suite. These executables are typically legitimate system tools used for printer configuration and system setup, but when executed from arbitrary locations via UNC paths, they can be leveraged to load malicious payloads or establish persistence mechanisms. The use of UNC share pathnames is particularly dangerous because it allows attackers to specify network locations that they control, effectively bypassing local file system restrictions.
The operational impact of this vulnerability extends beyond simple remote code execution to encompass potential system compromise and privilege escalation scenarios. Attackers can leverage this vulnerability to execute malicious code with the privileges of the user running the vulnerable ActiveX control, which often includes administrative privileges in web access environments. The ability to execute setup.exe creates particular risk as this program is typically used for system-level installations and modifications, potentially allowing attackers to install backdoors, modify system configurations, or deploy additional malware. The vulnerability affects environments where ActiveX controls are enabled in web browsers, particularly in industrial control systems and SCADA environments where Advantech WebAccess is commonly deployed, making it a significant concern for operational technology infrastructure.
Organizations should implement multiple layers of defense to mitigate this vulnerability, including immediate patching of affected Advantech WebAccess installations to version 7.2 or later. Network segmentation and firewall rules should be implemented to restrict access to systems running vulnerable ActiveX controls, particularly in web-facing environments. Browser security configurations should be adjusted to disable ActiveX controls or restrict their execution to trusted domains only. The vulnerability aligns with CWE-78, which addresses improper neutralization of special elements used in OS commands, and represents a classic example of command injection that could be mapped to ATT&CK technique T1203 for legitimate program execution. Additionally, organizations should conduct comprehensive vulnerability assessments to identify other potentially vulnerable ActiveX controls and ensure proper input validation is implemented across all system components to prevent similar issues from occurring in the future.