IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stak Buffer Overflow Vulnerability

Bugtraq ID:	52200
Class:	Input Validation Error
CVE:	CVE-2012-0201
Remote:	Yes
Local:	No
Published:	Feb 28 2012 12:00AM
Updated:	Feb 28 2012 12:00AM
Credit:	Rocco Calvi of stratsec.
Vulnerable:	IBM Personal Communications 6.0.3 IBM Personal Communications 6.0 IBM Personal Communications 5.9.7 IBM Personal Communications 5.9
Not Vulnerable:	IBM Personal Communications 6.0.4

IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stak Buffer Overflow Vulnerability

IBM Personal Communications is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue will allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

IBM Personal Communications versions 5.9.0 to 5.9.7 and 6.0.0 to 6.0.3 are vulnerable.

IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stak Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stak Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more details.

IBM Personal Communications '.ws' File 'pcspref.dll' Remote Stak Buffer Overflow Vulnerability

References:

• IBM Personal Communications (IBM)
  
• IBM Personal Communications pcspref.dll buffer overflow (IBM)
  
• Security Bulletin: IBM Personal Communications WorkStation file Buffer Overflow (IBM)