CVE-2011-10012

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Common Weakness Enumeration
References
https://netop.com/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/netop.rb
https://web.archive.org/web/20120314075913/https://codework-systems.com/netop-remotecontrol-10-01-released/
https://www.exploit-db.com/exploits/17223
https://www.exploit-db.com/exploits/18697
https://www.fortiguard.com/encyclopedia/ips/27765/netop-remote-control-dws-file-handling-buffer-overflow
https://www.vulncheck.com/advisories/netop-remote-control-client-dws-file-buffer-overflow