CVE-2012-4711 : Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, ki

Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.

Published 2013-02-15 12:09:28

Updated 2013-05-21 03:20:37

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Products affected by CVE-2012-4711

Wellintech » Kingview » Version: 6.53
cpe:2.3:a:wellintech:kingview:6.53:*:*:*:*:*:*:*
Matching versions
Wellintech » Kingview » Version: 6.52
cpe:2.3:a:wellintech:kingview:6.52:*:*:*:*:*:*:*
Matching versions
Wellintech » Kingview » Version: 6.55
cpe:2.3:a:wellintech:kingview:6.55:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-4711

EPSS FAQ

48.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2012-4711

KingView Log File Parsing Buffer Overflow

Disclosure Date: 2012-11-20

First seen: 2020-04-26

exploit/windows/fileformat/kingview_kingmess_kvl

This module exploits a vulnerability found in KingView <= 6.55. It exists in the KingMess.exe application when handling log files, due to the insecure usage of sprintf. This module uses a malformed .kvl file which must be opened by the victim via the KingMess.exe a

More information

CVSS scores for CVE-2012-4711

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-4711

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4711

http://ics-cert.us-cert.gov/advisories/ICSA-13-043-02A

WellinTech KingView KingMess Buffer Overflow (Update A) | CISA
http://ics-cert.us-cert.gov/pdf/ICSA-13-043-02.pdf

404 - File Not Found | CISA
US Government Resource

Jump to

Vulnerability Details : CVE-2012-4711