Lucene search

IbmCVE-2012-5946

HistoryApr 30, 2013 - 3:33 a.m.

CVE-2012-5946

2013-04-3003:33:41

CWE-119

ibm

web.nvd.nist.gov

109

cve-2012-5946

buffer overflow

c1sizer

activex control

ibm spss samplepower 3.0

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.965

Percentile

99.6%

JSON

Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.

Affected configurations

Nvd

Node

ibmspss_samplepowerMatch3.0.0.0

VendorProductVersionCPE
ibmspss_samplepower3.0.0.0cpe:2.3:a:ibm:spss_samplepower:3.0.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spss_samplepower	3.0.0.0	cpe:2.3:a:ibm:spss_samplepower:3.0.0.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21635476

exchange.xforce.ibmcloud.com/vulnerabilities/80562

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.965

Percentile

99.6%

JSON

Related for CVE-2012-5946