Summary
This host is installed with IBM SPSS SamplePower and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control. Failed attempts will likely result in denial of service conditions.
Impact Level: System/Application
Solution
Upgrade to IBM SPSS SamplePower version 3.0 FP1 (3.0.0.1) or later, For updates refer to http://www.ibm.com
Insight
Multiple flaws due to,
- Unspecified error in the vsflex7l ActiveX control.
- Unspecified flaw in the olch2x32 ActiveX control.
- Error when handling the 'ComboList' or 'ColComboList' in Vsflex8l ActiveX control.
- Error when handling the 'TabCaption' buffer in c1sizer ActiveX control.
Affected
IBM SPSS SamplePower version 3.0 and prior
References
- http://secunia.com/advisories/53234
- http://www.ibm.com/support/docview.wss?uid=swg21635476
- http://www.ibm.com/support/docview.wss?uid=swg21635503
- http://www.ibm.com/support/docview.wss?uid=swg21635511
- http://www.ibm.com/support/docview.wss?uid=swg21635515
- http://www.osvdb.org/92814
- http://www.osvdb.org/92844
- http://www.osvdb.org/92845
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2012-5945, CVE-2012-5946, CVE-2012-5947, CVE-2013-0593 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Media Server Multiple Remote Security Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)