cbcvebase.
CVE-2012-2515
published 2012-07-05

CVE-2012-2515: Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component)…

PriorityP262critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
27.59%
97.8th percentile
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Affected

12 ranges
VendorProductVersion rangeFixed in
emccaptiva_quickscan_pro
emcdocumentum_applicationxtender_desktop
geintelligent_platforms_proficy_batch_execution
geintelligent_platforms_proficy_historian
geintelligent_platforms_proficy_historian
geintelligent_platforms_proficy_historian
geintelligent_platforms_proficy_historian
geintelligent_platforms_proficy_hmi_scada_ifix
geintelligent_platforms_proficy_hmi_scada_ifix
geintelligent_platforms_proficy_pulse
geintelligent_platforms_si7_i_o_driver
geintelligent_platforms_si7_i_o_driver

Detection & IOCsextracted from sources · hover to see the quote

filenameKeyHelp.ocx
otherKeyHelp.KeyCtrl.1
commandJumpMappedID(<arg1>, <long_string>)
commandJumpURL(<arg1>, <long_string>)
  • Detect presence of KeyHelp.ocx version 1.2.3120.0 on endpoints; its presence in affected products (EMC ApplicationXtender 5.4, GE Proficy suite) indicates exposure to this vulnerability.
  • The attack vector is drive-by / social engineering: a user must visit a malicious website. Monitor web proxy logs for suspicious ActiveX object instantiation patterns targeting KeyHelp.KeyCtrl.1.
  • A Metasploit module exists for this vulnerability (windows/fileformat/emc_appextender_keyworks); monitor endpoint security tools for exploit attempts matching this module's file-format attack pattern.
  • ·GE recommends unregistering and deleting KeyHelp.ocx entirely rather than patching; removal instructions are product-specific to avoid breaking functionality.
  • ·At time of advisory publication, no known public exploits specifically targeted these vulnerabilities (though a Metasploit module now exists).
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.