CVE-2011-10012
Severity CVSS v4.0:
HIGH
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
13/08/2025
Last modified:
14/08/2025
Description
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
Impact
Base Score 4.0
8.40
Severity 4.0
HIGH
References to Advisories, Solutions, and Tools
- https://netop.com/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/netop.rb
- https://web.archive.org/web/20120314075913/https://codework-systems.com/netop-remotecontrol-10-01-released/
- https://www.exploit-db.com/exploits/17223
- https://www.exploit-db.com/exploits/18697
- https://www.fortiguard.com/encyclopedia/ips/27765/netop-remote-control-dws-file-handling-buffer-overflow
- https://www.vulncheck.com/advisories/netop-remote-control-client-dws-file-buffer-overflow