CVE-2012-0201

2012-03-0211:55:00

CWE-119

ibm

web.nvd.nist.gov

cve-2012-0201

ibm

personal communications

buffer overflow

remote code execution

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.918

Percentile

99.0%

JSON

Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.

Affected configurations

Nvd

Node

ibmpersonal_communicationsMatch5.9.7.0

ibmpersonal_communicationsMatch5.9.7.1

Node

ibmpersonal_communicationsMatch6.0.3.0

VendorProductVersionCPE
ibmpersonal_communications5.9.7.0cpe:2.3:a:ibm:personal_communications:5.9.7.0:*:*:*:*:*:*:*
ibmpersonal_communications5.9.7.1cpe:2.3:a:ibm:personal_communications:5.9.7.1:*:*:*:*:*:*:*
ibmpersonal_communications6.0.3.0cpe:2.3:a:ibm:personal_communications:6.0.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	personal_communications	5.9.7.0	cpe:2.3:a:ibm:personal_communications:5.9.7.0:::::::*
ibm	personal_communications	5.9.7.1	cpe:2.3:a:ibm:personal_communications:5.9.7.1:::::::*
ibm	personal_communications	6.0.3.0	cpe:2.3:a:ibm:personal_communications:6.0.3.0:::::::*