PT-2012-2990 · Sony · Vaio Easy Connect+2

Published 2012-06-07 · Updated 2017-08-29 · CVE-2012-0985

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sony VAIO PC Wireless LAN Wizard versions 1.0 through 3.0
SmartWi Connection Utility versions 4.7 through 4.11
VAIO Easy Connect software versions 1.0.0 through 1.1.0

Description

The Wireless Manager ActiveX control contains multiple buffer overflows. Remote attackers can exploit them to cause a denial of service or possibly execute arbitrary code by passing a long string as the second argument of the SetTmpProfileOption or ConnectToNetwork method.

Recommendations

For Sony VAIO PC Wireless LAN Wizard versions 1.0 through 3.0, consider disabling the SetTmpProfileOption and ConnectToNetwork methods until a patch is available.
For SmartWi Connection Utility versions 4.7 through 4.11, restrict access to the Wireless Manager ActiveX control to minimize the risk of exploitation.
For VAIO Easy Connect software versions 1.0.0 through 1.1.0, avoid using the SetTmpProfileOption and ConnectToNetwork methods in the Wireless Manager ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2012-0985

Affected Products

SmartWi Connection Utility
Sony VAIO PC Wireless LAN Wizard
VAIO Easy Connect