CVE-2012-2515

KeyHelp.KeyCtrl.1 <1.2.312 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2515. PoCs published by MC, including Metasploit module exploits/windows/fileformat/emc_appextender_keyworks.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in the KeyWorks KeyHelp ActiveX Control (KeyHelp.ocx 1.2.3120.0) by crafting a malicious HTML file that triggers the vulnerability when opened in Internet Explorer.

Description

Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Exploits (1)

metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb

This Metasploit module exploits a stack buffer overflow in the KeyWorks KeyHelp ActiveX Control (KeyHelp.ocx 1.2.3120.0) by crafting a malicious HTML file that triggers the vulnerability when opened in Internet Explorer.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMC ApplicationXtender (KeyWorks) KeyHelp ActiveX Control 1.2.3120.0
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer with ActiveX enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2795
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2793
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36546
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36914
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36905
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

Scores

EPSS 0.2759
EPSS Percentile 97.8%

Details

CWE
CWE-119
Status published
Products (12)
emc/captiva_quickscan_pro 4.6 sp1
emc/documentum_applicationxtender_desktop 5.4
ge/intelligent_platforms_proficy_batch_execution 5.6
ge/intelligent_platforms_proficy_historian 3.1
ge/intelligent_platforms_proficy_historian 3.5
ge/intelligent_platforms_proficy_historian 4.0
ge/intelligent_platforms_proficy_historian 4.5
ge/intelligent_platforms_proficy_hmi\/scada_ifix 5.0
ge/intelligent_platforms_proficy_hmi\/scada_ifix 5.1
ge/intelligent_platforms_proficy_pulse 1.0
... and 2 more
Published Jul 05, 2012
Tracked Since Feb 18, 2026