CVE-2012-10057

HIGH

Lattice Semiconductor ispVM System v18.0.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10057. PoCs published by Metasploit, Unknown, juan vazquez, including Metasploit module exploits/windows/fileformat/ispvm_xcf_ispxcf.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in ispVM System 18.0.2 by crafting a malicious .xcf file with an overly long version attribute, leading to arbitrary code execution. The exploit leverages a known return address in MSVCP60.dll to redirect execution to the payload.

Description

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/18947

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in ispVM System 18.0.2 by crafting a malicious .xcf file with an overly long version attribute, leading to arbitrary code execution. The exploit leverages a known return address in MSVCP60.dll to redirect execution to the payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ispVM System 18.0.2

No auth needed

Prerequisites: Target must open the malicious .xcf file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Unknown, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in Lattice Semiconductor ispVM System 18.0.2 by crafting a malicious .xcf file with an overly long version attribute, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lattice Semiconductor ispVM System 18.0.2

No auth needed

Prerequisites: Victim must open the malicious .xcf file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb

Various Sources product

https://www.latticesemi.com/ispvm

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/lattice-semiconductor-ispvm-system-xcf-file-handling-buffer-overflow

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/18947

Third Party Advisory technical-description exploit

https://web.archive.org/web/20121014002756/http://secunia.com/advisories/48740/

Scores

CVSS v4 8.4

EPSS 0.0040

EPSS Percentile 31.4%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Lattice Semiconductor/ispVM System 18.0.2

Published Aug 13, 2025

Tracked Since Feb 18, 2026