History: Oct 10, 2018 - 4:14 p.m.

Security Bulletin: Personal Communications WorkStation file Buffer Overflow Vulnerability (CVE-2012-0201)

2018-10-10 16:14:13
www.ibm.com
EPSS: 0.918, Percentile: 99.0%

Summary

A buffer overflow vulnerability in the handling of WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

Vulnerability Details


**CVE ID:** CVE-2012-0201

**Description:** IBM Personal Communications is susceptible to a buffer overflow vulnerability when handling certain specially-crafted WorkStation files (.ws). If an attacker could persuade a potential victim running a vulnerable installation of the application to open a malicious .ws file, the attacker could potentially crash the application or execute arbitrary code on the client system.

**CVSS Base Score:** 9.3

**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73127> for the current score

**CVSS Environmental Score:** Undefined

**CVSS String:** (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Personal Communications 5.9.0 to 5.9.7 and 6.0.0 to 6.0.3 on all supported platforms.

Remediation/Fixes

Upgrade to Personal Communications 6.0.4 or later.
OR
Apply the fix associated with APAR IC81539.

Workarounds and Mitigations

The Personal Communications workstation profiles should NOT be modified by users; however, if for any reason they do need to be modified, then it should only be done by an administrator.
