Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability

SAINT Corporation (SAINT:AC1F16357DF19A713D33F6395E72BD07)
Published: 2012-04-13 00:00:00
Source: my.saintcorporation.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.966 (Percentile: 99.7%)

Added: 04/13/2012
CVE: CVE-2012-0198
BID: 52252
OSVDB: 79735

Background

Tivoli Provisioning Manager Express for Software Distribution is a software inventory and distribution solution.

Problem

A buffer overflow vulnerability in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control allows arbitrary command execution when a user loads a specially crafted web page.

Resolution

Set the kill bit on the ActiveX control with class ID 84B74E82-3475-420E-9949-773B4FB91771 as described in Microsoft Knowledge Base Article 240797.
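A defender-side way to apply and verify the kill bit from the Resolution, as an added example that is not part of the SAINT advisory. It assumes the registry location Microsoft documents in KB 240797 (an ActiveX Compatibility\{CLSID} key with a Compatibility Flags DWORD whose 0x400 bit is the kill bit), covers both the native and the WOW6432Node view on 64-bit Windows, and must be run from an elevated PowerShell session.

```powershell
# Added example (not from the SAINT advisory): audit and set the Internet Explorer
# kill bit for the Isig.isigCtl.1 control, using the CLSID given in the advisory
# and the registry layout described in Microsoft KB 240797. Run elevated.

$Clsid   = '{84B74E82-3475-420E-9949-773B4FB91771}'
$KillBit = 0x400   # Compatibility Flags bit that blocks the control in IE

# On 64-bit Windows 32-bit IE reads the WOW6432Node hive, so both views are handled.
$BasePaths = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $BasePaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {
    param([string]$Base)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { return 'absent' }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'absent' }
    if (($flags -band $KillBit) -eq $KillBit) { return 'set' } else { return 'not-set' }
}

function Set-KillBit {
    param([string]$Base)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }
    # OR the kill bit in so any other compatibility flags already present survive.
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

foreach ($base in $BasePaths) {
    $before = Get-KillBitState -Base $base
    if ($before -ne 'set') { Set-KillBit -Base $base }
    $after = Get-KillBitState -Base $base
    Write-Output ("{0}`n  before: {1}  after: {2}" -f $base, $before, $after)
}
```

Re-running the script is safe: it reports "set" for both views without rewriting anything, which makes it usable as a compliance check as well as a remediation step.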

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-040/>

Limitations

Exploit works on Tivoli Provisioning Manager Express V4.1.1 on Microsoft Windows XP SP3 English (DEP OptIn) and requires a user to load the exploit page in Internet Explorer 8.

Platforms

Windows
