Stack-based Buffer Overflow Vulnerability in NetIQ eDirectory by Novell
CVE-2012-0432

Currently unrated

Key Information:

Vendor

Microfocus
Status
Edirectory
Vendor
CVE Published:
25 December 2012

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 85%

What is CVE-2012-0432?

A stack-based buffer overflow vulnerability exists in the NetIQ eDirectory due to insufficient validation of user inputs in its NCP implementation. This flaw could allow a remote attacker to exploit the vulnerability through various unknown vectors, potentially compromising the integrity and availability of the system. Users are advised to upgrade to version 8.8.7.2 or later to mitigate this risk. Additional details can be found in the Novell security documentation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2012-0432
Created by Rapid7

References

http://www.novell.com/support/kb/doc.php?id=3426981
x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=785272
x_refsource_CONFIRM

EPSS Score

85% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.