Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
BID:53735
Info
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 53735 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-0985 |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2012 12:00AM |
| Updated: | May 30 2012 12:00AM |
| Credit: | High-Tech Bridge SA |
| Vulnerable: |
Sony VAIO Wireless Manager 4.0.0.0 |
| Not Vulnerable: | |
Discussion
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
Sony VAIO Wireless Manager ActiveX control ('WifiMan.dll') is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Sony VAIO Wireless Manager 4.0.0.0 is vulnerable; prior versions may also be affected.
Sony VAIO Wireless Manager ActiveX control ('WifiMan.dll') is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Sony VAIO Wireless Manager 4.0.0.0 is vulnerable; prior versions may also be affected.
Exploit / POC
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted Web page.
The following proof of concept codes are available:
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted Web page.
The following proof of concept codes are available:
Solution / Fix
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
Solution:
Updates are available. Please contact the vendor for more information.
Solution:
Updates are available. Please contact the vendor for more information.
References
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
References:
References:
- VAIO Homepage (Sony)
- 2 Buffer Overflows in Wireless Manager Sony VAIO (High-Tech Bridge SA)