RCE in Emc Networker_module_for_microsoft_applications

CVE-2012-2290

The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.047 (89.5th percentile) — read the EPSS interpretation.

Affected products

Emc Networker_module_for_microsoft_applications — versions 2.2.1, 2.3, 2.4
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

50957 (x_refsource_SECUNIA, third-party-advisory)
86158 (x_refsource_OSVDB, vdb-entry)
55883 (vdb-entry, x_refsource_BID)
1027647 (vdb-entry, x_refsource_SECTRACK)
20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)