CVE-2011-1207

Current Description

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Basic Data

Published: May 05, 2011
Last Modified: May 31, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
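    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.4.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | * | * | * | * | * | * | * | * | | 11.4.0.2 | | |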

Vulnerable Software List

| Vendor | Product | Versions |
| Ibm | Rational System Architect | *, 11.3, 11.3.1, 11.3.1.1, 11.3.1.2, 11.3.1.3, 11.4, 11.4.0.1 |

References

| Name | Source | URL | Tags |
| 43399 | SECUNIA | http://secunia.com/advisories/43399 | Vendor Advisory |
| 43474 | SECUNIA | http://secunia.com/advisories/43474 | Vendor Advisory |
| 1025464 | SECTRACK | http://securitytracker.com/id?1025464 | |
| 47643 | BID | http://www.securityfocus.com/bid/47643 | |
| ADV-2011-1129 | VUPEN | http://www.vupen.com/english/advisories/2011/1129 | Vendor Advisory |
| https://www.ibm.com/support/docview.wss?uid=swg21497689 | CONFIRM | https://www.ibm.com/support/docview.wss?uid=swg21497689 | Patch, Vendor Advisory |