Vulnerability Details : CVE-2012-4924
Public exploit exists!
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-4924
Probability of exploitation activity in the next 30 days: 94.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-4924
-
ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow
Disclosure Date: 2012-02-17First seen: 2020-04-26exploit/windows/browser/asus_net4switch_ipswcomThis module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places due to the use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution unde
CVSS scores for CVE-2012-4924
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-4924
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4924
-
http://dsecrg.com/pages/vul/show.php?id=417
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/73384
ASUS Net4Switch ActiveX control buffer overflow CVE-2012-4924 Vulnerability Report
-
http://www.exploit-db.com/exploits/18538
ASUS Net4Switch - 'ipswcom.dll' ActiveX Stack Buffer Overflow (Metasploit) - Windows remote ExploitExploit
-
http://www.securityfocus.com/bid/52110
ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability
Products affected by CVE-2012-4924
- cpe:2.3:a:asus:ipswcom_activex_component:1.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asus:net4switch:1.0.0020:*:*:*:*:*:*:*