Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2012-0708
Last Modified: 23 Apr 2012 12:00:00
Published: 22 Apr 2012 02:55:03
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0708

Summary

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

Vulnerable Systems

Application

  • IBM Rational ClearQuest 7.1.1
  • IBM Rational ClearQuest 7.1.1.1
  • IBM Rational ClearQuest 7.1.1.2
  • IBM Rational ClearQuest 7.1.1.3
  • IBM Rational ClearQuest 7.1.1.4
  • IBM Rational ClearQuest 7.1.2
  • IBM Rational ClearQuest 7.1.2.1
  • IBM Rational ClearQuest 7.1.2.2
  • IBM Rational ClearQuest 7.1.2.3
  • IBM Rational ClearQuest 7.1.2.4
  • IBM Rational ClearQuest 7.1.2.5
  • IBM Rational ClearQuest 7.1.2.6
  • IBM Rational ClearQuest 8.0.0
  • IBM Rational ClearQuest 8.0.0.1


References

XF - rcq-cqole-activex-bo(73492)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21591705


Last Updated: 27 May 2016 10:57:30