// For flags

CVE-2012-5002

Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.

Desbordamiento de búfer basado en pila en el servidor SR10 FTP (SR10.exe) v1.1.0.6 en Ricoh DC Software DL-10 v4.5.0.1, cuando está activada la opción de nombre de fichero Log, permite a atacantes remotos ejecutar código a través de un comando USER FTP.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-03-22 First Exploit
  • 2012-09-19 CVE Reserved
  • 2012-09-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ricoh
Search vendor "Ricoh"
 Dl-10
Search vendor "Ricoh" for product "Dl-10"
 4.5.0.1
Search vendor "Ricoh" for product "Dl-10" and version "4.5.0.1"
-
Affected
Ricoh
Search vendor "Ricoh"
 Sr10 Ftp Server
Search vendor "Ricoh" for product "Sr10 Ftp Server"
 1.1.0.6
Search vendor "Ricoh" for product "Sr10 Ftp Server" and version "1.1.0.6"
-
Affected