IBM Personal Communications iSeries Access WorkStation 5.9 Profile
Rocco Calvi
- Affected Vendor
- IBM
- Affected Product
- Personal Communications
- Exploit Type
- Metasploit Module
- Metasploit Module
exploit/windows/fileformat/ibm_pcm_ws
Description
A stack-based buffer overflow in IBM Personal Communications allows arbitrary code execution through malicious WorkStation profile files. The vulnerability exists in pcspref.dll where the application does not perform bounds checking on strcpy operations, enabling data to overwrite return addresses. The exploit bypasses DEP and ASLR on Windows XP, Vista, and Windows 7.