Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi aka rgodZDI-12-019
HistoryJan 30, 2012 - 12:00 a.m.

IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability

2012-01-3000:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
23

EPSS

0.225

Percentile

96.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

Related

nvd 1
cve 1
securityvulns 2
cvelist 1
prion 1
nvd
nvd
CVE-2012-0188
2012-01-18 20:55:02
cve
cve
CVE-2012-0188
2012-01-18 20:55:02
securityvulns
securityvulns
ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability
2012-02-13 00:00:00
IBM ActiveX multiple security vulnerabilities
2012-02-13 00:00:00
cvelist
cvelist
CVE-2012-0188
2012-01-18 20:00:00
prion
prion
Design/Logic Flaw
2012-01-18 20:55:00

EPSS

0.225

Percentile

96.5%

JSON
Related for ZDI-12-019
nvd1cve1securityvulns2cvelist1prion1