CVE-2012-2271
Published 2012-05-21
Priority P3 · 51 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS
7.83%
93.9th percentile
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skincrafter | skincrafter | — | — |
No detection rules found.
Exploit-DB
SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows
exploitdb·2015-01-05
CVE-2012-2271 SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows
---
ActiveX Buffer Overflow in SkinCrafter3_vs2005
Affected version: 3.8.1.0
Vendor Homepage: http://skincrafter.com/
Software Link: skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
The vulnerability lies in the COM component used by the product SkinCrafter3_vs2005.dll.
Description: SkinCrafter is software that is used to create custom skins for different Windows applications.
SkinCrafter is compatible with Windows XP / Vista / 7 / 8 and earlier versions.
Vulnerability tested on Windows XP SP3 (EN), with IE6
Author: metacom
Vulnerability discovered: 04.01.2015
junk1 = "";
while(junk1.length
################################################################################
ActiveX Buffer Overflow in SkinCrafter
Exploit-DB
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
exploitdb·2012-05-17·CVSS 10.0
CVE-2012-2271 [CRITICAL] SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
---
# Software : SkinCrafter from NMSoft Technologies
# Version : SkinCrafter version 3.0
# Title : Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs3.0
# Link : http://www.skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
# Date : May 17, 2012
# Tested on : XP SP2
# The vulnerability lies in the COM component used by the product SkinCrafter
# from DMSoft Technologies(http://www.dmsofttech.com/projects.html). This COM
# component, SkinCrafter3_vs2005.dll, implements a function InitLicenKeys,
# whose parameter is not checked for the bounds, hence leading to the
# overflow condition
====
POC:
====
Exploit !!!!!!!!!!!!!!!!!!!!!!!!!
'Exploit title: Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs
No writeups or analysis indexed.
2012-05-21
Published