IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution VUlnerabilities Network Vulnerability

Summary

This host is installed with IBM Rational Rhapsody and is prone to remote code execution vulnerabilities.

Impact

Successful exploitation will allow attacker to execution of arbitrary code. Impact Level: Application

Solution

Upgrade to IBM Rational Rhapsody versions 7.6.1 or later For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21576352

Insight

The flaws are due to erros in the BB FlashBack ActiveX control (BBFlashBack.Recorder.dll) within the FBRecorder class when handling the 'Start()', 'PauseAndSave()', 'InsertMarker()', 'InsertSoundToFBRAtMarker()' and 'TestCompatibilityRecordMode()' methods.

Affected

IBM Rational Rhapsody version prior to 7.6.1

References

http://secunia.com/advisories/47286
http://secunia.com/advisories/47310
http://www-01.ibm.com/support/docview.wss?uid=swg21576352
http://www.securelist.com/en/advisories/47310
http://xforce.iss.net/xforce/xfdb/71803

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1388, CVE-2011-1391, CVE-2011-1392

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)

Take action and discover your vulnerabilities