Vulnerability Details : CVE-2012-0198
Public exploit exists!
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2012-0198
- cpe:2.3:a:ibm:tivoli_provisioning_manager_express_for_software_distribution:4.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0198
- 96.57%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-0198
- IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploa
  Disclosure Date: 2012-03-01
  First seen: 2020-04-26
  exploit/windows/browser/ibm_tivoli_pme_activex_bof
  This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method where the "OtherFields" p
CVSS scores for CVE-2012-0198
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2012-0198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73033
  IBM Tivoli Provisioning Manager Express for Software Distribution ActiveX control (Isig.isigCtl.1) buffer overflow CVE-2012-0198 Vulnerability Report
- http://www.zerodayinitiative.com/advisories/ZDI-12-040/
  ZDI-12-040 | Zero Day Initiative