CVE-2012-4177
UBI Uplay PC < 2.0.3 - OS Command Injection
Title source: ruleDescription
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20321
metasploit
WORKING POC
NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb
References (5)
Scores
EPSS
0.8023
EPSS Percentile
99.1%
Details
CWE
CWE-78
Status
published
Products (4)
ubi/uplay_pc
2.0
ubi/uplay_pc
2.0.1
ubi/uplay_pc
2.0.2
ubi/uplay_pc
< 2.0.3
Published
Aug 07, 2012
Tracked Since
Feb 18, 2026