Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1207

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-1207
Last Modified 31 May 2011 12:00:00
Published 04 May 2011 10:39:46
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1207

Summary

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Ibm Rational System Architect 11.3

  • Ibm Rational System Architect 11.3.1

  • Ibm Rational System Architect 11.3.1.1

  • Ibm Rational System Architect 11.3.1.2

  • Ibm Rational System Architect 11.3.1.3

  • Ibm Rational System Architect 11.4

  • Ibm Rational System Architect 11.4.0.1

  • Ibm Rational System Architect 11.4.0.2


References

CONFIRM - https://www.ibm.com/support/docview.wss?uid=swg21497689

VUPEN - ADV-2011-1129

BID - 47643

SECTRACK - 1025464

SECUNIA - 43474

SECUNIA - 43399


Last Updated: 27 May 2016 10:56:13