IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Remote Code Execution Vulnerabilities
Info
| Bugtraq ID: | 51448 |
| Class: | Unknown |
| CVE: | CVE-2012-0189 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2012 12:00AM |
| Updated: | Feb 08 2012 06:30PM |
| Credit: | Andrea Micalizza aka rgod, working with ZDI. |
| Vulnerable: | IBM SPSS SamplePower 3.0 |
| Not Vulnerable: | |
Discussion
IBM SPSS SamplePower is prone to multiple unspecified remote code-execution vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
IBM SPSS SamplePower 3.0 is vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- IBM Homepage (IBM)
- IBM SPSS SamplePower Product Page (IBM)
- ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Ex (ZDI Disclosures)
- IBM SPSS VsVIEW6.ocx ActiveX Control Multiple Methods Remote Code Execution Vuln (Zero Day Initiative)
- Security Bulletin: IBM SPSS SamplePower vsview6 ActiveX Control vulnerabilities (IBM)
- ZDI-12-027 IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execu (Zero Day Initiative)