Vulnerability Description
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Personal Communications | 5.9.7.0 |
Related Weaknesses (CWE)
References
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/ex
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539
- http://www-01.ibm.com/support/docview.wss?uid=swg21586166Vendor Advisory
- http://www.exploit-db.com/exploits/18539/Exploit
- http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws
- http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-SeriesExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73127
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/ex
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539
- http://www-01.ibm.com/support/docview.wss?uid=swg21586166Vendor Advisory
- http://www.exploit-db.com/exploits/18539/Exploit
- http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws
- http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-SeriesExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73127
FAQ
What is CVE-2012-0201?
CVE-2012-0201 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profi...
How severe is CVE-2012-0201?
CVE-2012-0201 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0201?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Personal Communications.