Vulnerability Description
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Smartwi Connection Utillity | 4.7 |
| Sony | Vaio Easy Connect | 1.0.0 |
| Sony | Vaio Pc Wireless Lan Wizard | 1.0 |
| Sony | Vaio Wireless Wizard | 1.00 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.htmlExploit
- http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946Vendor Advisory
- http://osvdb.org/82401
- http://secunia.com/advisories/49340Vendor Advisory
- http://www.exploit-db.com/exploits/18958Exploit
- http://www.securityfocus.com/bid/53735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75978
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.htmlExploit
- http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946Vendor Advisory
- http://osvdb.org/82401
- http://secunia.com/advisories/49340Vendor Advisory
- http://www.exploit-db.com/exploits/18958Exploit
- http://www.securityfocus.com/bid/53735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75978
FAQ
What is CVE-2012-0985?
CVE-2012-0985 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Conne...
How severe is CVE-2012-0985?
CVE-2012-0985 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0985?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Smartwi Connection Utillity, Sony Vaio Easy Connect, Sony Vaio Pc Wireless Lan Wizard, Sony Vaio Wireless Wizard.