CVE-2011-10012

HIGH

NetOp v9.5 - Buffer Overflow

Title source: llm

Description

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18697

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by chap0 · perllocalwindows

https://www.exploit-db.com/exploits/17223

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Ruben Alejandro · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/netop.rb

View Code ZIP pw:eip

References (7)

[Various Sources] https://netop.com/

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/netop.rb

[Various Sources] https://web.archive.org/web/20120314075913/https://codework-systems.com/netop-remotecontrol-10-01-released/

[Vendor Advisory] https://www.fortiguard.com/encyclopedia/ips/27765/netop-remote-control-dws-file-handling-buffer-overflow

[Third Party Advisory] https://www.vulncheck.com/advisories/netop-remote-control-client-dws-file-buffer-overflow

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/17223

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/18697

Scores

CVSS v4 8.4

EPSS 0.0815

EPSS Percentile 92.2%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-121

Status published

Products (1)

NetOp/Remote Control Client 9.5

Published Aug 13, 2025

Tracked Since Feb 18, 2026