CVE-2012-2288

EMC Networker - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22525

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Aaron Portnoy · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/emc/networker_format_string.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55330

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-08/0219.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027459

Scores

EPSS 0.6993

EPSS Percentile 98.7%

Details

CWE

CWE-134

Status published

Products (3)

emc/networker 7.6.3

emc/networker 7.6.4

emc/networker 8.0

Published Sep 04, 2012

Tracked Since Feb 18, 2026