CVE-2011-1207

Sažetak

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Reference

http://www.vupen.com/english/advisories/2011/1129
http://secunia.com/advisories/43474
http://secunia.com/advisories/43399
https://www.ibm.com/support/docview.wss?uid=swg21497689
http://securitytracker.com/id?1025464
http://www.securityfocus.com/bid/47643

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-05-2023 - 18:20

Objavljeno

05-05-2011 - 02:39