Vulnerabilites related to asus - net4switch
Vulnerability from fkie_nvd
Published
2012-09-15 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | ipswcom_activex_component | 1.0.0.1 | |
| asus | net4switch | 1.0.0020 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:ipswcom_activex_component:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94587311-7351-4B79-8194-43429948DD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asus:net4switch:1.0.0020:*:*:*:*:*:*:*",
"matchCriteriaId": "C28E8171-54A4-469E-91A2-CF9F7A63C33F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n CxDbgPrint en el componente ActiveX ipswcom.dll v1.0.0.1 para ASUS Net4Switch 1.0.0020, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro largo sobre el m\u00e9todo Alert."
}
],
"id": "CVE-2012-4924",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-15T17:55:07.473",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/79438"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48125"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52110"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/79438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201209-0472
Vulnerability from variot
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. ASUS Net4Switch is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. ASUS Net4Switch ipswcom.dll 1.0.0.1 is vulnerable; other versions may also be affected. ASUS Net4Switch is a network management software for ASUS computers. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
TITLE: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA48125
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48125
RELEASE DATE: 2012-02-22
DISCUSS ADVISORY: http://secunia.com/advisories/48125/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48125/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48125
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Digital Security Research Group has discovered a vulnerability in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.0.0020 (ipswcom 1.0.0.1).
SOLUTION: Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY: Dmitriy Evdokimov, Digital Security Research Group
ORIGINAL ADVISORY: DSECRG-12-017: http://dsecrg.com/pages/vul/show.php?id=417
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0472",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipswcom activex component",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.0.1"
},
{
"model": "net4switch",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.0020"
},
{
"model": "ipswcom.dll activex component",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "1.0.0.1"
},
{
"model": "net4switch",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "1.0.0020"
},
{
"model": "net4switch ipswcom.dll",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "1.0.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "52110"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:asus:ipswcom_activex_component",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:asus:net4switch",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitriy Evdokimov, Digital Security Research Group",
"sources": [
{
"db": "BID",
"id": "52110"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-4924",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-58205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4924",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-4924",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-342",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-58205",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. ASUS Net4Switch is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. \nASUS Net4Switch ipswcom.dll 1.0.0.1 is vulnerable; other versions may also be affected. ASUS Net4Switch is a network management software for ASUS computers. ----------------------------------------------------------------------\n\nSecunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March\nListen to our Chief Security Specialist, Research Analyst Director, and Director Product Management \u0026 Quality Assurance discuss the industry\u0027s key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm\n\n----------------------------------------------------------------------\n\nTITLE:\nNet4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA48125\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48125/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48125\n\nRELEASE DATE:\n2012-02-22\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48125/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48125/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48125\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDigital Security Research Group has discovered a vulnerability in\nNet4Switch ipswcom ActiveX Control, which can be exploited by\nmalicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error within the\n\"CxDbgPrint()\" function (cxcmrt.dll) when creating a debug message\nstring. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in version 1.0.0020 (ipswcom 1.0.0.1). \n\nSOLUTION:\nSet the kill-bit for the affected ActiveX control. \n\nPROVIDED AND/OR DISCOVERED BY:\nDmitriy Evdokimov, Digital Security Research Group\n\nORIGINAL ADVISORY:\nDSECRG-12-017:\nhttp://dsecrg.com/pages/vul/show.php?id=417\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4924"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "BID",
"id": "52110"
},
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "PACKETSTORM",
"id": "110070"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58205",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4924",
"trust": 2.8
},
{
"db": "BID",
"id": "52110",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48125",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "79438",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "18538",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342",
"trust": 0.7
},
{
"db": "XF",
"id": "4",
"trust": 0.6
},
{
"db": "XF",
"id": "73384",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-72625",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "BID",
"id": "52110"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "PACKETSTORM",
"id": "110070"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"id": "VAR-201209-0472",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
}
],
"trust": 0.6277777999999999
},
"last_update_date": "2024-11-23T19:40:55.624000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52110"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"trust": 1.7,
"url": "http://osvdb.org/79438"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48125"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4924"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4924"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/73384"
},
{
"trust": 0.3,
"url": "http://www.dsecrg.com/pages/vul/show.php?id=417"
},
{
"trust": 0.3,
"url": "http://www.asus.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48125/#comments"
},
{
"trust": 0.1,
"url": "http://www.rsaconference.com/events/2012/usa/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48125/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48125"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "BID",
"id": "52110"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "PACKETSTORM",
"id": "110070"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-58205"
},
{
"db": "BID",
"id": "52110"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"db": "PACKETSTORM",
"id": "110070"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-58205"
},
{
"date": "2012-02-17T00:00:00",
"db": "BID",
"id": "52110"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"date": "2012-02-22T08:42:33",
"db": "PACKETSTORM",
"id": "110070"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"date": "2012-09-15T17:55:07.473000",
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58205"
},
{
"date": "2015-03-19T07:35:00",
"db": "BID",
"id": "52110"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004429"
},
{
"date": "2012-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-342"
},
{
"date": "2024-11-21T01:43:45.697000",
"db": "NVD",
"id": "CVE-2012-4924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Net4Switch for ipswcom.dll ActiveX Component buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-342"
}
],
"trust": 0.6
}
}
CVE-2012-4924 (GCVE-0-2012-4924)
Vulnerability from cvelistv5
Published
2012-09-15 17:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/48125 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/52110 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/79438 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73384 | vdb-entry, x_refsource_XF | |
| http://www.exploit-db.com/exploits/18538 | exploit, x_refsource_EXPLOIT-DB | |
| http://dsecrg.com/pages/vul/show.php?id=417 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48125"
},
{
"name": "52110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52110"
},
{
"name": "79438",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79438"
},
{
"name": "net4switch-activex-bo(73384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
},
{
"name": "18538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48125"
},
{
"name": "52110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52110"
},
{
"name": "79438",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79438"
},
{
"name": "net4switch-activex-bo(73384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
},
{
"name": "18538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48125"
},
{
"name": "52110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52110"
},
{
"name": "79438",
"refsource": "OSVDB",
"url": "http://osvdb.org/79438"
},
{
"name": "net4switch-activex-bo(73384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
},
{
"name": "18538",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18538"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=417",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4924",
"datePublished": "2012-09-15T17:00:00",
"dateReserved": "2012-09-15T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}