| Vulnerability Name: | CVE-2012-4924 (CCN-73384) | ||||||||
| Assigned: | 2012-02-17 | ||||||||
| Published: | 2012-02-17 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.4 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
8.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-4924 Source: CCN Type: DSECRG-12-017 ASUS Net4Switch ipswcom.dll ActiveX - buffer overflow vulnerability Source: MISC Type: UNKNOWN http://dsecrg.com/pages/vul/show.php?id=417 Source: OSVDB Type: UNKNOWN 79438 Source: CCN Type: SA48125 Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability Source: SECUNIA Type: Vendor Advisory 48125 Source: CCN Type: ASUS Web site Net4Switch ActiveX control (ipswcom.dll) Source: EXPLOIT-DB Type: Exploit 18538 Source: CCN Type: OSVDB ID: 79438 Net4Switch ipswcom.dll ActiveX Control cxcmrt.dll CxDbgPrint() Function Alert() Method Debug Message String Creation Remote Overflow Source: BID Type: UNKNOWN 52110 Source: CCN Type: BID-52110 ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN net4switch-activex-bo(73384) Source: XF Type: UNKNOWN net4switch-activex-bo(73384) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-29-2012] | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||