9.3
CVE-2012-0201
- EPSS 36.83%
- Veröffentlicht 02.03.2012 11:55:00
- Zuletzt bearbeitet 16.06.2026 23:36:52
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Personal Communications Version5.9.7.0
Ibm ≫ Personal Communications Version5.9.7.1
Ibm ≫ Personal Communications Version6.0.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.83% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539
http://www-01.ibm.com/support/docview.wss?uid=swg21586166
http://www.exploit-db.com/exploits/18539/
http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws
http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt
https://exchange.xforce.ibmcloud.com/vulnerabilities/73127