CVE-2012-0985

Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.

Múltiples desbordamientos de búfer en el control ActiveX de Wireless Manager v4.0.0.0 en WifiMan.dll en Sony VAIO PC Wireless LAN Wizard v1.0, VAIO Wireless Wizard v1.00, v1.00_64, v1.0.1, v2.0 y v3.0; SmartWi Connection Utility v4.7, v4.7.4, v4.8, v4.9, v4.10 y v4.11 y el software VAIO Easy Connect v1.0.0 y v1.1.0 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una cadena larga en el segundo argumento de los metodos (1) SetTmpProfileOption o (2) ConnectToNetwork.

Wireless Manager Sony VAIO version 4.0.0.0 suffers from multiple buffer overflow vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-02-02 CVE Reserved
2012-05-30 CVE Published
2012-05-31 First Exploit
2024-08-06 CVE Updated
2024-10-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (8)

URL	Tag	Source
http://osvdb.org/82401	Vdb Entry
http://www.securityfocus.com/bid/53735	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75978	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/18958	2012-05-31
http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html	2024-08-06
http://www.exploit-db.com/exploits/18958	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946	2017-08-29
http://secunia.com/advisories/49340	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.7 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.7"		-		Affected
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.7.4 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.7.4"		-		Affected
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.8 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.8"		-		Affected
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.9 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.9"		-		Affected
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.10 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.10"		-		Affected
Sony Search vendor "Sony"		Smartwi Connection Utillity Search vendor "Sony" for product "Smartwi Connection Utillity"				4.11 Search vendor "Sony" for product "Smartwi Connection Utillity" and version "4.11"		-		Affected
Sony Search vendor "Sony"		Vaio Easy Connect Search vendor "Sony" for product "Vaio Easy Connect"				1.0.0 Search vendor "Sony" for product "Vaio Easy Connect" and version "1.0.0"		-		Affected
Sony Search vendor "Sony"		Vaio Easy Connect Search vendor "Sony" for product "Vaio Easy Connect"				1.1.0 Search vendor "Sony" for product "Vaio Easy Connect" and version "1.1.0"		-		Affected
Sony Search vendor "Sony"		Vaio Pc Wireless Lan Wizard Search vendor "Sony" for product "Vaio Pc Wireless Lan Wizard"				1.0 Search vendor "Sony" for product "Vaio Pc Wireless Lan Wizard" and version "1.0"		-		Affected
Sony Search vendor "Sony"		Vaio Wireless Wizard Search vendor "Sony" for product "Vaio Wireless Wizard"				1.00 Search vendor "Sony" for product "Vaio Wireless Wizard" and version "1.00"		-		Affected
Sony Search vendor "Sony"		Vaio Wireless Wizard Search vendor "Sony" for product "Vaio Wireless Wizard"				1.00_64 Search vendor "Sony" for product "Vaio Wireless Wizard" and version "1.00_64"		-		Affected
Sony Search vendor "Sony"		Vaio Wireless Wizard Search vendor "Sony" for product "Vaio Wireless Wizard"				1.01 Search vendor "Sony" for product "Vaio Wireless Wizard" and version "1.01"		-		Affected
Sony Search vendor "Sony"		Vaio Wireless Wizard Search vendor "Sony" for product "Vaio Wireless Wizard"				2.0 Search vendor "Sony" for product "Vaio Wireless Wizard" and version "2.0"		-		Affected
Sony Search vendor "Sony"		Vaio Wireless Wizard Search vendor "Sony" for product "Vaio Wireless Wizard"				3.0 Search vendor "Sony" for product "Vaio Wireless Wizard" and version "3.0"		-		Affected