Stack-based Buffer Overflow in IBM Personal Communications
CVE-2012-0201

Currently unrated

Key Information:

Vendor: IBM
Status: Personal Communications
Vendor: CVE Published:; 2 March 2012

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%

What is CVE-2012-0201?

A stack-based buffer overflow exists in the pcspref.dll component of pcsws.exe within IBM Personal Communications versions 5.9.x prior to 5.9.8 and 6.0.x prior to 6.0.4. This vulnerability could allow remote attackers to execute arbitrary code by crafting a long profile string in a WorkStation file. Exploitation of this flaw poses significant security risks, potentially compromising the integrity and confidentiality of systems utilizing the software.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-0201 - Proof of Concept

References

http://www.exploit-db.com/exploits/18539/

exploitx_refsource_EXPLOIT-DB

http://www-01.ibm.com/support/docview.wss?uid=swg21586166

x_refsource_CONFIRM

http://www.stratsec.net/Research/Advisories/IBM-Personal-...

x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 2, 2012
👾
Exploit known to exist
Mar 2, 2012
Vulnerability published
Mar 2, 2012
Vulnerability Reserved
Dec 14, 2011

CVE-2012-0201 Data

JSON