BB Flashback SDK FBRecorder ActiveX Control Multiple Remote Code Execution Vulnerabilities
BID:51184
Info
| Bugtraq ID: | 51184 |
| Class: | Unknown |
| CVE: | CVE-2011-1388, CVE-2011-1391, CVE-2011-1392 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 23 2011 12:00AM |
| Updated: | Feb 08 2012 07:00PM |
| Credit: | Anonymous |
| Vulnerable: | IBM Rational Rhapsody 7.5.2, IBM Rational Rhapsody 7.5.1, IBM Rational Rhapsody 7.6, IBM Rational Rhapsody 7.5, Blueberry Software BB FlashBack SDK 0 |
| Not Vulnerable: | IBM Rational Rhapsody 7.6.1, Blueberry Software BB FlashBack SDK 2.0.0.214 |
Discussion
BB Flashback is prone to multiple remote code-execution vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control.
BB Flashback versions prior to 2.0.0.214 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- BB FlashBack SDK Download Page (Blueberry software)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Re (ZDI Disclosures)
- ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote C (ZDI Disclosures)
- ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecor (ZDI Disclosures)
- Security Bulletin: Rational Rhapsody for Windows Blueberry FlashBack ActiveX Con (IBM)
- ZDI-12-028 IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remot (Zero Day Initiative)
- ZDI-12-029 IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code (Zero Day Initiative)
- ZDI-12-030 IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordM (Zero Day Initiative)