CVE-2012-0708

Sažetak

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

Reference

http://osvdb.org/81443
http://secunia.com/advisories/48933
http://www.ibm.com/support/docview.wss?uid=swg21591705
http://www.securityfocus.com/bid/53170
http://www.securitytracker.com/id?1026958
https://exchange.xforce.ibmcloud.com/vulnerabilities/73492

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

22-04-2012 - 18:55