Lucene search

IbmCVE-2012-0190

HistoryJan 18, 2012 - 8:55 p.m.

CVE-2012-0190

2012-01-1820:55:03

ibm

web.nvd.nist.gov

cve-2012-0190

ibm spss dimensions

spss data collection

remote code execution

activex

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.88

Percentile

98.7%

JSON

Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

Affected configurations

Nvd

Node

ibmspss_data_collectionMatch5.6

ibmspss_data_collectionMatch6.0

ibmspss_data_collectionMatch6.0.1

ibmspss_dimensionsMatch5.5

VendorProductVersionCPE
ibmspss_data_collection5.6cpe:2.3:a:ibm:spss_data_collection:5.6:*:*:*:*:*:*:*
ibmspss_data_collection6.0cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*
ibmspss_data_collection6.0.1cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*
ibmspss_dimensions5.5cpe:2.3:a:ibm:spss_dimensions:5.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spss_data_collection	5.6	cpe:2.3:a:ibm:spss_data_collection:5.6:::::::*
ibm	spss_data_collection	6.0	cpe:2.3:a:ibm:spss_data_collection:6.0:::::::*
ibm	spss_data_collection	6.0.1	cpe:2.3:a:ibm:spss_data_collection:6.0.1:::::::*
ibm	spss_dimensions	5.5	cpe:2.3:a:ibm:spss_dimensions:5.5:::::::*

References

secunia.com/advisories/47565

www-01.ibm.com/support/docview.wss?uid=swg21577956

exchange.xforce.ibmcloud.com/vulnerabilities/72121

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.88

Percentile

98.7%

JSON

Related for CVE-2012-0190