CVE-2012-0985

Sony VAIO PC Wireless LAN Wizard 1.0-4.11 - Buffer Overflow

Title source: llm

Description

Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.

Exploits (1)

exploitdb WORKING POC

by High-Tech Bridge SA · htmldoswindows

https://www.exploit-db.com/exploits/18958

View Code ZIP pw:eip

References (7)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html

[Vendor Advisory] http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946

[Vendor Advisory] http://secunia.com/advisories/49340

[Exploit] http://www.exploit-db.com/exploits/18958

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53735

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75978

[Third Party Advisory, VDB Entry] http://osvdb.org/82401

Scores

EPSS 0.4923

EPSS Percentile 97.8%

Details

CWE

CWE-119

Status published

Products (14)

sony/smartwi_connection_utillity 4.7

sony/smartwi_connection_utillity 4.7.4

sony/smartwi_connection_utillity 4.8

sony/smartwi_connection_utillity 4.9

sony/smartwi_connection_utillity 4.10

sony/smartwi_connection_utillity 4.11

sony/vaio_easy_connect 1.0.0

sony/vaio_easy_connect 1.1.0

sony/vaio_pc_wireless_lan_wizard 1.0

sony/vaio_wireless_wizard 1.00

... and 4 more

Published Jun 07, 2012

Tracked Since Feb 18, 2026