2 Buffer Overflows in Wireless Manager Sony VAIO
|Product:||Wireless Manager Sony VAIO|
|Vulnerable Versions:||220.127.116.11 and probably prior|
|Advisory Publication:||December 7, 2011 [without technical details]|
|Vendor Notification:||December 7, 2011|
|Vendor Fix:||January 20, 2012|
|Public Disclosure:||May 30, 2012|
|Latest Update:||March 27, 2012|
|Vulnerability Type:||Buffer Errors [CWE-119]|
|CVSSv2 Base Score:||9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge SA Security Research Lab has discovered 2 buffer overflow vulnerabilities in Wireless Manager Sony VAIO which can be exploited to execute arbitrary code on vulnerable system.
|Sony has released a security update for the Affected Models that resolves this issue. Sony recommends that all customers who have Affected Models immediately install the latest version of the software by using VAIO Update.|
Note: If you are using the default VAIO Update settings the update will be installed automatically.
More information and security update:
| High-Tech Bridge Advisory HTB23063 - https://www.htbridge.com/advisory/HTB23063 - Buffer Overflow in Wireless Manager Sony VAIO.|
 Wireless Manager Sony VAIO - http://www.sony.co.uk/hub/vaio-laptops - is a software to manage wireless connections that is installed by default on various series of Sony VAIO laptops.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.