ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability

Bugtraq ID:	52110
Class:	Boundary Condition Error
CVE:	CVE-2012-4924
Remote:	Yes
Local:	No
Published:	Feb 17 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Dmitriy Evdokimov, Digital Security Research Group
Vulnerable:	Asus ASUS Net4Switch ipswcom.dll 1.0.0.1
Not Vulnerable:

ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability

ASUS Net4Switch is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

ASUS Net4Switch ipswcom.dll 1.0.0.1 is vulnerable; other versions may also be affected.

ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability

The following proof-of-concept and exploit are available:

• /data/vulnerabilities/exploits/52110.txt
• /data/vulnerabilities/exploits/52110.rb

ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

ASUS Net4Switch 'ipswcom.dll' ActiveX Remote Buffer Overflow Vulnerability

References:

• [DSECRG-12-017] ASUS Net4Switch ipswcom.dll ActiveX - buffer overflow vulnerabil (DSECRG)
  
• ASUS Homepage (ASUS)