Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2176

CWE-119 ā€” Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
61.9%
top 1.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Quickr
Timeline
PublishedMay 25
Latest updateMay 17

Description

Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

ā–¶NVDibm/lotus_quickr8.2

šŸ”“Vulnerability Details

2
GHSA
GHSA-f3gx-cg96-r5vh: Multiple stack-based buffer overflows in a certain ActiveX control in qp2ā†—2022-05-17
ā–¶
CVEList
CVE-2012-2176: Multiple stack-based buffer overflows in a certain ActiveX control in qp2ā†—2012-05-25
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
IBM Lotus QuickR qp2 - ActiveX Buffer Overflow (Metasploit)ā†—2012-12-31
ā–¶
CVE-2012-2176 (CRITICAL CVSS 9.3) | Multiple stack-based buffer overflo | cvebase.io