CVE-2011-10012

HIGH

NetOp Remote Control Client 9.5 - Stack-based Buffer Overflow via .dws Configuration File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-10012. PoCs published by Metasploit, chap0, Ruben Alejandro, including Metasploit module exploits/windows/fileformat/netop.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in NetOp Remote Control Client 9.5 by crafting a malicious .dws file with a string longer than 520 characters, leading to arbitrary code execution.

Description

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18697

This Metasploit module exploits a stack-based buffer overflow in NetOp Remote Control Client 9.5 by crafting a malicious .dws file with a string longer than 520 characters, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NetOp Remote Control Client 9.5
No auth needed
Prerequisites: Victim must open a malicious .dws file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by chap0 · perllocalwindows
https://www.exploit-db.com/exploits/17223

This Perl script exploits a buffer overflow vulnerability in NetOp Remote Control versions 8.0, 9.1, 9.2, and 9.5 by crafting malicious .dws files. It includes shellcode for a reverse TCP shell and targets specific return addresses in nupdate.dll.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NetOp Remote Control (versions 8.0, 9.1, 9.2, 9.5)
No auth needed
Prerequisites: Victim must open the malicious .dws file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Ruben Alejandro · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/netop.rb

This Metasploit module exploits a stack-based buffer overflow in NetOp Remote Control 9.5 by crafting a malicious .dws file with a string longer than 520 characters, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NetOp Remote Control 9.5
No auth needed
Prerequisites: Victim must open the malicious .dws file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v4 8.4
EPSS 0.2172
EPSS Percentile 95.9%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
NetOp/Remote Control Client 9.5
Published Aug 13, 2025
Tracked Since Feb 18, 2026