CVE-2012-0284

Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-0284. PoCs published by Metasploit, rgod, Carsten Eiram, juan vazquez, including Metasploit module exploits/windows/browser/cisco_playerpt_setsource_surl.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX control via a crafted sURL argument in the SetSource method, leading to remote code execution. It includes heap spraying techniques and ROP chains for various IE versions and Windows platforms.

Description

Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20202

This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX control via a crafted sURL argument in the SetSource method, leading to remote code execution. It includes heap spraying techniques and ROP chains for various IE versions and Windows platforms.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Cisco Linksys PlayerPT 1.0.0.15 (ActiveX control in WVC200 Wireless-G PTZ Internet Video Camera)
No auth needed
Prerequisites: Victim must visit a malicious web page using Internet Explorer 6-9 · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by rgod · textdoswindows
https://www.exploit-db.com/exploits/18641

This exploit demonstrates a buffer overflow vulnerability in the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera's PlayerPT ActiveX control. The SetSource() method is exploited by passing an overly long string, leading to a stack-based buffer overflow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control (File version: 1.0.0.15)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Carsten Eiram, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb

This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX control via a crafted 'sURL' argument in the SetSource method, leading to remote code execution. It includes heap spraying techniques and multiple targets for different IE versions and Windows platforms.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Cisco Linksys PlayerPT 1.0.0.15 (as installed with WVC200 Wireless-G PTZ Internet Video Camera)
No auth needed
Prerequisites: Victim must visit a malicious web page · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by rgod, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/cisco_playerpt_setsource.rb

This Metasploit module exploits a stack-based buffer overflow in Cisco Linksys PlayerPT ActiveX control via the SetSource method, leading to remote code execution. It includes heap spraying and ROP chain techniques for different IE versions on Windows.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Cisco Linksys PlayerPT ActiveX Control 1.0.0.15
No auth needed
Prerequisites: Victim must visit a malicious web page · ActiveX control must be installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2012-25/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77085
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-07/0113.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54588
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027259

Scores

EPSS 0.7316
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (1)
cisco/linksys_playerpt_activex_control 1.0.0.15
Published Jul 19, 2012
Tracked Since Feb 18, 2026