Stack-based Buffer Overflow in IBM Personal Communications
CVE-2012-0201

Currently unrated

Key Information:

Vendor: IBM
Status: Personal Communications
Vendor: CVE Published:; 2 March 2012

Summary

A stack-based buffer overflow exists in the pcspref.dll component of pcsws.exe within IBM Personal Communications versions 5.9.x prior to 5.9.8 and 6.0.x prior to 6.0.4. This vulnerability could allow remote attackers to execute arbitrary code by crafting a long profile string in a WorkStation file. Exploitation of this flaw poses significant security risks, potentially compromising the integrity and confidentiality of systems utilizing the software.

References

http://www.exploit-db.com/exploits/18539/

exploitx_refsource_EXPLOIT-DB

http://www-01.ibm.com/support/docview.wss?uid=swg21586166

x_refsource_CONFIRM

http://www.stratsec.net/Research/Advisories/IBM-Personal-...

x_refsource_MISC

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 2, 2012
Vulnerability Reserved
Dec 14, 2011