CVE-2012-6568

Huawei UTPS 1.0 - Buffer Overflow via IDS_PLUGIN_NAME in Plugin Configuration File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6568. PoCs published by Dark-Puzzle.

AI-analyzed exploit summary This exploit targets a Unicode SEH-based buffer overflow in Huawei Technologies' Internet Mobile software. It leverages a crafted payload to trigger a vulnerability in the SMSUIPlugin language file, leading to arbitrary code execution (calc.exe) on Windows XP SP1.

Description

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.

Exploits (1)

exploitdb WORKING POC

by Dark-Puzzle · perllocalwindows

https://www.exploit-db.com/exploits/21988

View Code ZIP pw:eip

This exploit targets a Unicode SEH-based buffer overflow in Huawei Technologies' Internet Mobile software. It leverages a crafted payload to trigger a vulnerability in the SMSUIPlugin language file, leading to arbitrary code execution (calc.exe) on Windows XP SP1.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Huawei Technologies Internet Mobile (all versions)

No auth needed

Prerequisites: Windows XP SP1 environment · Huawei Internet Mobile software installed · Manual modification of SMSUIPlugin language file

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/files/download/116604/huawei-overflow.txt

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-204627.htm

Scores

EPSS 0.0009

EPSS Percentile 25.4%

Details

CWE

CWE-119

Status published

Products (1)

huawei/utps 1.0

Published Jun 20, 2013

Tracked Since Feb 18, 2026