IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

Bugtraq ID:	53170
Class:	Boundary Condition Error
CVE:	CVE-2012-0708
Remote:	Yes
Local:	No
Published:	Apr 19 2012 12:00AM
Updated:	Jul 04 2012 09:50AM
Credit:	Andrea Micalizzi
Vulnerable:	IBM IBM Rational ClearQuest 7.1.1 IBM IBM Rational ClearQuest 8.0.0.1 IBM IBM Rational ClearQuest 8.0 IBM IBM Rational ClearQuest 7.1.2.5
Not Vulnerable:	IBM IBM Rational ClearQuest 8.0.0.2 IBM IBM Rational ClearQuest 7.1.2.6 IBM IBM Rational ClearQuest 7.1.1.9

IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

IBM Rational ClearQuest is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application, typically Internet Explorer, that uses the affected ActiveX control. Failed attacks will likely cause denial-of-service conditions.

IBM Rational ClearQuest versions 8.0, 8.0.0.1 and 7.1.1 through 7.1.2.5 are vulnerable.

IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/53170.rb

IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please contact the vendor for more information.

IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

References:

• IBM Rational ClearQuest ActiveX control (cqole.dll) buffer overflow (IBM)
  
• Security Bulletin: IBM Rational ClearQuest CQOle ActiveX Control Remote Executio (IBM)