CVE-2012-2915

Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-2915. PoCs published by Metasploit, b33f, Unknown, juan vazquez, sinn3r, including Metasploit module exploits/windows/fileformat/lattice_pac_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.21 by crafting a malicious .pac file with an overly long 'value' field in the 'SymbolicSchematicData' tag, leading to arbitrary code execution.

Description

Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/19175

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.21 by crafting a malicious .pac file with an overly long 'value' field in the 'SymbolicSchematicData' tag, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lattice Semiconductor PAC-Designer 6.21

No auth needed

Prerequisites: Victim must open the malicious .pac file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by b33f · pythonlocalwindows

https://www.exploit-db.com/exploits/19006

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in Lattice Semiconductor PAC-Designer 6.21 by crafting a malicious .PAC file with an embedded shellcode payload. The exploit uses SEH overwrites to achieve remote code execution on Windows XP SP1.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lattice Semiconductor PAC-Designer 6.21

No auth needed

Prerequisites: Victim must open the malicious .PAC file in PAC-Designer 6.21

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Unknown, juan vazquez, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/lattice_pac_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.21 by crafting a malicious .pac file with an oversized 'value' field in the 'SymbolicSchematicData' tag, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lattice Semiconductor PAC-Designer 6.21

No auth needed

Prerequisites: Victim must open the malicious .pac file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/75698

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48741

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/82001

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53566

Scores

EPSS 0.2947

EPSS Percentile 97.9%

Details

CWE

CWE-119

Status published

Products (1)

lattice_semiconductor/pac-designer 6.2.1344

Published May 21, 2012

Tracked Since Feb 18, 2026