CVE-2012-0198

IBM Tivoli Provisioning Manager Expre... - Buffer Overflow

Title source: rule

Description

Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18727

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Andrea Micalizzi aka rgod, juan vazquez, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-12-040/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73033

Scores

EPSS 0.6844

EPSS Percentile 98.6%

Details

Status published

Products (1)

ibm/tivoli_provisioning_manager_express_for_software_distribution 4.1.1

Published Mar 06, 2012

Tracked Since Feb 18, 2026