Current Description

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx in IBM Rational System Architect,, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Basic Data

Published: May 05, 2011
Last Modified: May 31, 2011
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.


  • OR - Configuration 1
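    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Rational System Architect | 11.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.3.1.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | 11.4.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Rational System Architect | * | * | * | * | * | * | * | * | | | | |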

Vulnerable Software List

Ibm Rational System Architect *, 11.3, 11.3.1,,,, 11.4,


43399 Advisory
43474 Advisory
ADV-2011-1129 Advisory Vendor Advisory