CVE-2012-1465
published 2012-03-19


Priority: P338 (medium)
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EXPLOIT
EPSS: 27.40% (97.8th percentile)
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netmechanica | netdecision | <= 4.5.1 | |

Detection & IOCs (extracted from sources)

path: C:\Program Files\NetDecision\Bin\HttpSvr.exe
command: GET AAAA...A (x1276)
  • Identify NetDecision HTTP Server instances by matching the banner 'NetDecision-HTTP-Server/1.0' in server responses; the Metasploit module uses this banner to fingerprint vulnerable targets.
  • Alert on HTTP GET requests to port 80 whose URL exceeds ~1276 bytes, the minimum payload length used in the DoS proof-of-concept.
  • The Metasploit exploit uses an SEH-based overflow with an offset of 1620 bytes and a POP/POP/RET gadget from OLEACC.dll (0x74C869E2); monitor for abnormally long GET request URIs against NetDecision HTTP service.
  • The directory traversal companion vulnerability uses '...\' sequences in the path against TrafficGrapherServer.exe; monitor HTTP requests containing '...\' path components on NetDecision hosts.
  • Remote code execution via the buffer overflow requires the victim to have HttpSvr's window actively focused/visible; without this condition only a DoS crash is achievable.
  • The ROP/SEH return address (0x74C869E2 in OLEACC.dll) is specific to NetDecision 4.5.1 on Windows XP SP3; it will not be reliable on other OS/patch levels.
  • The exploit payload must avoid the listed bad characters; payloads containing these bytes will be corrupted and fail.
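The two request-based checks above (URL length and '...\' path components) can be run over proxy or sensor logs. The following is an added example, not code from this page or its sources; it assumes common/combined-format access log lines, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

URI_LEN_THRESHOLD = 1276   # minimum PoC URL length quoted in the entry above
TRAVERSAL = "...\\"        # the '...\' path component quoted in the entry above

# Request field of a common/combined-format log line (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S*) HTTP/[\d.]+"')

def classify_request(line):
    """Return finding names for one log line ([] if clean or unparsable)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    uri = m.group("uri")
    findings = []
    # Length is measured on the raw bytes as sent, before any decoding.
    if m.group("method") == "GET" and len(uri.encode()) >= URI_LEN_THRESHOLD:
        findings.append("long-uri")
    # Undo percent-encoding a bounded number of times so that encoded and
    # double-encoded forms of the sequence are compared in decoded form.
    decoded = uri
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if TRAVERSAL in decoded:
        findings.append("dot-dot-dot-backslash")
    return findings

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = classify_request(line)
        if found:
            hits[number] = found
    return hits

# Constructed sample input (documentation IP addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:00:00:02 +0000] "GET /' + "A" * 1276 + ' HTTP/1.0" 502 0',
    '192.0.2.12 - - [01/Jan/2024:00:00:03 +0000] "GET /...\\...\\example.txt HTTP/1.1" 200 211',
    '192.0.2.13 - - [01/Jan/2024:00:00:04 +0000] "GET /%2e%2e%2e%5cexample.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(number, found)
```

Because a crashed HttpSvr.exe may never write the triggering request to its own log, run this against logs from a device in front of the service.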

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat: 9.1 CRITICAL