What is CVE-2012-0266?

CVE-2012-0266 is a vulnerability in Ntrglobal Ntr_activex_control, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-01-15.

Is CVE-2012-0266 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ntrglobal Ntr_activex_control

CVE-2012-0266

Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check metho…

Vulnerability class: Buffer Overflow

EPSS: 0.737 (98.8th percentile) — read the EPSS interpretation.

Affected products

Ntrglobal Ntr_activex_control
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

PSIRT-CNA@flexerasoftware.com (x_refsource_MISC, Vendor Advisory)
20120111 Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
21841 (exploit, x_refsource_EXPLOIT-DB)
45166 (x_refsource_SECUNIA, third-party-advisory)
ntr-download-bo(72293) (vdb-entry, x_refsource_XF)
ntr-check-bo(72292) (vdb-entry, x_refsource_XF)
78252 (x_refsource_OSVDB, vdb-entry)
ntr-startmodule-bo(72291) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2012-0266?: CVE-2012-0266 is a vulnerability in Ntrglobal Ntr_activex_control, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-01-15.
Is CVE-2012-0266 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.