IBM SPSS Data Collection and Dimensions ActiveX Control Remote Code Execution Vulnerabilities
BID:51445
Info
| Bugtraq ID: | 51445 |
| Class: | Unknown |
| CVE: | CVE-2012-0188 CVE-2012-0190 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2012 12:00AM |
| Updated: | Feb 08 2012 06:30PM |
| Credit: | Andrea Micalizza aka rgod, working with ZDI. |
| Vulnerable: | IBM SPSS Dimensions 5.5, IBM SPSS Data Collection 6.0.1, IBM SPSS Data Collection 6.0, IBM SPSS Data Collection 5.6 |
| Not Vulnerable: | |
Discussion
IBM SPSS Data Collection and Dimensions are prone to multiple unspecified remote code-execution vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
The following versions are affected:
IBM SPSS Data Collection 5.6, 6.0, and 6.0.1
IBM SPSS Dimensions 5.5
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- IBM Homepage (IBM)
- IBM SPSS Data Collection Product Page (IBM)
- SPSS Data Collection Security Interim Fix (IBM)
- ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code (ZDI Disclosures)
- IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execut (Zero Day Initiative)
- Security Bulletin: IBM SPSS Data Collection ActiveX Control vulnerabilities (CVE (IBM)
- ZDI-12-026 IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Exe (Zero Day Initiative)