CVE-2012-4924

ASUS Net4Switch 1.0.0020 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18538

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Dmitriy Evdokimov, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73384

[Vendor Advisory] http://secunia.com/advisories/48125

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52110

[Third Party Advisory, VDB Entry] http://osvdb.org/79438

[Exploit] http://www.exploit-db.com/exploits/18538

[Various Sources] http://dsecrg.com/pages/vul/show.php?id=417

Scores

EPSS 0.8428

EPSS Percentile 99.3%

Details

CWE

CWE-119

Status published

Products (2)

asus/ipswcom_activex_component 1.0.0.1

asus/net4switch 1.0.0020

Published Sep 15, 2012

Tracked Since Feb 18, 2026