CVE-2012-0985 Information

Description

Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00 1.00_64 1.0.1 2.0 and 3.0; SmartWi Connection Utility 4.7 4.7.4 4.8 4.9 4.10 and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946 http://osvdb.org/82401 http://secunia.com/advisories/49340 http://www.exploit-db.com/exploits/18958 http://www.securityfocus.com/bid/53735 https://exchange.xforce.ibmcloud.com/vulnerabilities/75978