FKIE_CVE-2012-0985

Vulnerability from fkie_nvd - Published: 2012-06-07 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2012-05/0147.htmlExploit
cve@mitre.orghttp://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946Vendor Advisory
cve@mitre.orghttp://osvdb.org/82401
cve@mitre.orghttp://secunia.com/advisories/49340Vendor Advisory
cve@mitre.orghttp://www.exploit-db.com/exploits/18958Exploit
cve@mitre.orghttp://www.securityfocus.com/bid/53735
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/75978
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/82401
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49340Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/18958Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53735
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75978
Impacted products
Vendor Product Version
sony smartwi_connection_utillity 4.7
sony smartwi_connection_utillity 4.7.4
sony smartwi_connection_utillity 4.8
sony smartwi_connection_utillity 4.9
sony smartwi_connection_utillity 4.10
sony smartwi_connection_utillity 4.11
sony vaio_easy_connect 1.0.0
sony vaio_easy_connect 1.1.0
sony vaio_pc_wireless_lan_wizard 1.0
sony vaio_wireless_wizard 1.00
sony vaio_wireless_wizard 1.00_64
sony vaio_wireless_wizard 1.01
sony vaio_wireless_wizard 2.0
sony vaio_wireless_wizard 3.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F377CC9E-6F84-4DFA-8F73-B52C8308D349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B31C08B-549F-4E6F-BE78-1E6647B8DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD61E13-5B11-4C59-A699-92309622C410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3970B17E-313E-4B56-8C77-D9B6272DFF1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59A467B-2755-4416-A3FE-77F52A979506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:smartwi_connection_utillity:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "194B3A20-846A-4195-94B3-22A7FF249737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_easy_connect:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F69EE72-5FB2-487D-8773-D4A4BAD38E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_easy_connect:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C885DC7-DAFC-41EC-9B21-2D873418FE7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_pc_wireless_lan_wizard:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F31A19C-2E32-4A62-9186-69DE7F71E503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_wireless_wizard:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F534E845-9FAF-4448-97F7-652B09D2317B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_wireless_wizard:1.00_64:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA9AF287-B189-42E2-AB26-9F8F76D3096F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_wireless_wizard:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCBB8A07-AB5C-4434-B2F6-B735412211C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_wireless_wizard:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50049EAD-6370-40AB-B293-4A4E18E4E2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sony:vaio_wireless_wizard:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0139C4-8CD8-4E01-8A55-89BDB38DB195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en el control ActiveX de Wireless Manager v4.0.0.0 en WifiMan.dll en Sony VAIO PC Wireless LAN Wizard v1.0, VAIO Wireless Wizard v1.00, v1.00_64, v1.0.1, v2.0 y v3.0; SmartWi Connection Utility v4.7, v4.7.4, v4.8, v4.9, v4.10 y v4.11 y el software VAIO Easy Connect v1.0.0 y v1.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en el segundo argumento de los metodos (1) SetTmpProfileOption o (2) ConnectToNetwork."
    }
  ],
  "id": "CVE-2012-0985",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-07T19:55:06.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://esupport.sony.com/US/perl/support-info.pl?template_id=1\u0026info_id=946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/82401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49340"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53735"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://esupport.sony.com/US/perl/support-info.pl?template_id=1\u0026info_id=946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/82401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.