Sony VAIO Wireless Manager ActiveX Control WifiMan.dll Multiple Buffer Overflows

High Nessus Plugin ID 60109


The remote Windows host has an ActiveX control installed that is affected by multiple buffer overflow vulnerabilities.


The Sony VAIO Wireless Manager ActiveX control installed on the remote Windows host is affected by buffer overflow vulnerabilities in 'SetTmpProfileOption()' and 'ConnectToNetWokrkOption()' in WifiMan.dll. By tricking a victim into visiting a specially crafted page, an attacker may be able to execute arbitrary code on the host.


Either set the kill bit for the control or upgrade to version 5.7.0 of the control.

See Also

Plugin Details

Severity: High

ID: 60109

File Name: vaio_wireless_manager_activex_bof.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2012/07/24

Modified: 2013/05/23

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:sony:vaio_easy_connect

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/20

Vulnerability Publication Date: 2012/05/30

Reference Information

CVE: CVE-2012-0985

BID: 53735

OSVDB: 82401

EDB-ID: 18958