CVE-2012-0202

IBM Cognos TM1 9.4.x-9.5.x - Remote Code Execution via Crafted Data

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0202. PoCs published by Metasploit, Unknown, juan vazquez, including Metasploit module exploits/windows/misc/ibm_cognos_tm1admsd_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in IBM Cognos tm1admsd.exe via a crafted TCP request, achieving remote code execution. It leverages a SEH overwrite and a short jump to bypass length restrictions.

Description

Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/23969

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in IBM Cognos tm1admsd.exe via a crafted TCP request, achieving remote code execution. It leverages a SEH overwrite and a short jump to bypass length restrictions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM Cognos Express 9.5

No auth needed

Prerequisites: Network access to TCP port 5498 · Vulnerable IBM Cognos Express 9.5 installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Unknown, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in IBM Cognos tm1admsd.exe via a crafted TCP request, achieving remote code execution. The exploit leverages a dangerous memcpy operation without proper length validation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM Cognos Express 9.5

No auth needed

Prerequisites: Network access to the target service on port 5498

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73182

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21590314

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg24032164

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg24032165

Various Sources x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg24032166

Scores

EPSS 0.5485

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (4)

ibm/cognos_tm1 9.4.1

ibm/cognos_tm1 9.4.1.3

ibm/cognos_tm1 9.5.1

ibm/cognos_tm1 9.5.2

Published May 04, 2012

Tracked Since Feb 18, 2026