CVE-2012-4924

Published: Sep 15, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.

Affected (2)

Products: Asus: Ipswcom Activex Component, Net4switch

Asus

2 products

Ipswcom Activex Component

Net4switch

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Asus Ipswcom Activex Component	Version 1.0.0.1
Asus Net4switch	Version 1.0.0020

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

http://dsecrg.com/pages/vul/show.php?id=417

Source: cve@mitre.org

http://osvdb.org/79438

Source: cve@mitre.org

http://secunia.com/advisories/48125

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/18538

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/52110

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/73384

Source: cve@mitre.org

http://dsecrg.com/pages/vul/show.php?id=417