Vulnerability Details: CVE-2012-2288
Public exploit exists!
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2012-2288
Probability of exploitation activity in the next 30 days: 94.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
Metasploit modules for CVE-2012-2288
- EMC Networker Format String
  Disclosure Date: 2012-08-29
  First seen: 2020-04-26
  exploit/windows/emc/networker_format_string
  This module exploits a format string vulnerability in the lg_sprintf function as implemented in liblocal.dll on EMC Networker products. This module exploits the vulnerability by using a specially crafted RPC call to the program number 0x5F3DD, version 0x02, and pro
CVSS scores for CVE-2012-2288
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2012-2288
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2288
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0219.html
- http://www.securitytracker.com/id?1027459
  EMC NetWorker NSRD RPC Format String Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/bid/55330
  EMC NetWorker 'nsrd' RPC Service Format String Vulnerability
Products affected by CVE-2012-2288
- cpe:2.3:a:emc:networker:7.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:emc:networker:7.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:emc:networker:8.0:*:*:*:*:*:*:*