CVE-2012-1196

Lenovo ThinkManagement Console 9.0.3 - Path Traversal and Arbitrary File Deletion via VulCore Web Service

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-1196. PoCs published by Metasploit, rgod, Andrea Micalizzi, juan vazquez, including Metasploit module exploits/windows/http/landesk_thinkmanagement_upload_asp.

AI-analyzed exploit summary This Metasploit module exploits CVE-2012-1196 in LANDesk Lenovo ThinkManagement Suite by uploading a malicious ASP script via a SOAP request, executing it to achieve remote command execution, and then deleting the script to cover tracks.

Description

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18714

This Metasploit module exploits CVE-2012-1196 in LANDesk Lenovo ThinkManagement Suite by uploading a malicious ASP script via a SOAP request, executing it to achieve remote command execution, and then deleting the script to cover tracks.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LANDesk Lenovo ThinkManagement Suite 9.0.2 / 9.0.3
No auth needed
Prerequisites: Network access to the target server · SOAP service exposed on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/18623

This exploit targets a directory traversal vulnerability in LANDesk Lenovo ThinkManagement Suite 9.0.3, allowing arbitrary file deletion via the 'SetTaskLogByFile' method in WSVulnerabilityCore.dll. The PoC sends a crafted SOAP request to delete a specified file (e.g., 'ygrep32.dll') without authentication.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: LANDesk Lenovo ThinkManagement Suite 9.0.3
No auth needed
Prerequisites: Network access to the target server · IIS with WSVulnerabilityCore virtual directory exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Andrea Micalizzi, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb

This Metasploit module exploits CVE-2012-1196 in LANDesk Lenovo ThinkManagement Suite by uploading a malicious ASP script via a crafted SOAP request, executing it, and then deleting it. It leverages the '-PutUpdateFileCore' command to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LANDesk Lenovo ThinkManagement Suite 9.0.2 / 9.0.3
No auth needed
Prerequisites: Network access to the target server · SOAP endpoint exposed
devstral-2 · analyzed Jun 17, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026693
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52023
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73208
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79277
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47666

Scores

EPSS 0.5641
EPSS Percentile 98.9%

Details

CWE
CWE-22
Status published
Products (1)
landesk/lenovo_thinkmanagement_console 9.0.3
Published Feb 18, 2012
Tracked Since Feb 18, 2026