CVE-2012-2288

EMC NetWorker 7.6.3-7.6.4 and 8.0 - Remote Code Execution via nsrd RPC Service Format String

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2288. PoCs published by Metasploit, Aaron Portnoy, including Metasploit module exploits/windows/emc/networker_format_string.

AI-analyzed exploit summary This Metasploit module exploits a format string vulnerability in EMC Networker's lg_sprintf function via a crafted RPC call, achieving remote code execution with DEP bypass techniques.

Description

Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22525

View Code ZIP pw:eip

This Metasploit module exploits a format string vulnerability in EMC Networker's lg_sprintf function via a crafted RPC call, achieving remote code execution with DEP bypass techniques.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EMC Networker 7.6 SP3

No auth needed

Prerequisites: Network access to the target system · SunRPC service exposed on port 111

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Aaron Portnoy · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/emc/networker_format_string.rb

View Code ZIP pw:eip

This Metasploit module exploits a format string vulnerability in EMC Networker's lg_sprintf function via a crafted RPC call to program 0x5F3DD, version 0x02, procedure 0x06. It includes DEP bypass techniques using ROP chains and has been tested on Windows XP SP3 and Windows 2003 SP2.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: EMC Networker 7.6 SP3

No auth needed

Prerequisites: Network access to the target system · EMC Networker service running and accessible via RPC

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/55330

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-08/0219.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027459

Scores

EPSS 0.3312

EPSS Percentile 98.1%

Details

CWE

CWE-134

Status published

Products (3)

emc/networker 7.6.3

emc/networker 7.6.4

emc/networker 8.0

Published Sep 04, 2012

Tracked Since Feb 18, 2026