What is CVE-2012-4524?

CVE-2012-4524 is a high-severity software vulnerability (Improper input validation) with a CVSS score of 7.5. xlockmore before 5.43 'dclock' security bypass vulnerability

Is CVE-2012-4524 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 3%.

What products does CVE-2012-4524 affect?

Tracked products affected include Fedora. Check the version you run to see whether it is affected.

How do I fix CVE-2012-4524?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2012-4524

HIGH severity · CVSS 7.5 · Improper input validation

7.5CVSS HIGH

Summary

xlockmore before 5.43 'dclock' security bypass vulnerability

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactHigh

Availability impactNone

Exploit probability (EPSS)3%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

Fedora

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://www.openwall.com/lists/oss-security/2012/10/17/12 ↗

Additional information

NVD record
http://www.openwall.com/lists/oss-security/2012/10/17/12Patch
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.htmlAdvisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.htmlAdvisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.htmlAdvisory
http://security.gentoo.org/glsa/glsa-201309-03.xmlAdvisory
http://www.securityfocus.com/bid/56169Advisory
https://access.redhat.com/security/cve/cve-2012-4524
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524Advisory