SAINT Corporation, SAINT:E6609F7C64D124B314778D38D2C0FB2D
Jun 09, 2013 - 12:00 a.m.

IBM SPSS SamplePower c1sizer ActiveX Control Vulnerability

download.saintcorporation.com

CVSS2: 9.3

- Attack Vector: NETWORK
- Attack Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.965

Percentile: 99.6%

Added: 06/09/2013
CVE: CVE-2012-5946
BID: 59559
OSVDB: 92845

Background

SPSS (Statistical Package for the Social Sciences) is a computer application that provides statistical analysis of data. It allows for in-depth data access and preparation, analytical reporting, graphics and modelling. SamplePower is a stand-alone product designed to work seamlessly with SPSS. It allows researchers to compare the effects of different study parameters, such as sample size, using analytical tools before beginning the study.

Problem

IBM SPSS SamplePower 3.0 and earlier ship with an ActiveX control (**c1sizer.ocx**) that does not properly check the data size when handling the **TabCaption** buffer. A remote attacker could exploit this vulnerability to cause a heap buffer overflow that could allow arbitrary remote code execution.

Resolution

Download and install IBM SamplePower 3.0 FP1 as referenced in the IBM Security Bulletin "IBM SPSS SamplePower c1sizer ActiveX control vulnerability (CVE-2012-5946)".

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-101/>
<http://www-01.ibm.com/support/docview.wss?uid=swg21635476>

Limitations

This exploit was tested against IBM SPSS SamplePower 3.0 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target machine.

Platforms

Windows
