Vulnerability Details : CVE-2012-2915
Public exploit exists!
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-2915
Probability of exploitation activity in the next 30 days: 93.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-2915
-
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Disclosure Date: 2012-05-16First seen: 2020-04-26exploit/windows/fileformat/lattice_pac_bofThis module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which
CVSS scores for CVE-2012-2915
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-2915
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2915
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75698
PAC-Designer .pac buffer overflow CVE-2012-2915 Vulnerability Report
-
http://www.securityfocus.com/bid/53566
PAC-Designer '.pac' File Buffer Overflow Vulnerability
Products affected by CVE-2012-2915
- cpe:2.3:a:lattice_semiconductor:pac-designer:6.2.1344:*:*:*:*:*:*:*