1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: IBM Personal Communication Access Worksation Profile CVE-2012-0201

Web Attack: IBM Personal Communication Access Worksation Profile CVE-2012-0201

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a stack-based buffer-overflow vulnerability in IBM Personal Communications.

Additional Information

IBM Personal Communications is a Windows emulator that provides connectivity to host data.

The application is prone to a remote stack-based buffer-overflow vulnerability because of improper boundary checking in the 'pcspref.dll' library file. Specifically, this issue occurs when handling certain specially crafted WorkStation ('.ws') files.

Successfully exploiting this issue will allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

IBM Personal Communications versions 5.9.0 to 5.9.7 and 6.0.0 to 6.0.3 are vulnerable.

Affected

  • IBM Personal Communications versions 5.9.0 to 5.9.7 and 6.0.0 to 6.0.3 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube