Home

Description

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.

PUBLISHED Reserved 2025-08-11 | Published 2025-08-13 | Updated 2025-08-14 | Assigner VulnCheck




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

9.5
affected

Credits

Ruben Alejandro "chap0" finder

References

raw.githubusercontent.com/...its/windows/fileformat/netop.rb exploit

www.exploit-db.com/exploits/17223 exploit

www.exploit-db.com/exploits/18697 exploit

www.fortiguard.com/...trol-dws-file-handling-buffer-overflow third-party-advisory

netop.com/ product

web.archive.org/...s.com/netop-remotecontrol-10-01-released/ patch

www.vulncheck.com/...control-client-dws-file-buffer-overflow third-party-advisory

cve.org (CVE-2011-10012)

nvd.nist.gov (CVE-2011-10012)

Download JSON