Summary
This host is installed with IBM SPSS SamplePower and is prone to buffer overflow vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control.
Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
A workaround is to disable the use of the vulnerable ActiveX control within Internet Explorer or Set the killbit for the following CLSID {6E84D662-9599-11D2-9367-20CC03C10627}. For more info please refer the below link, http://support.microsoft.com/kb/240797
Insight
Multiple flaws are due to unspecified errors in the VsVIEW6 ActiveX Control (VsVIEW6.ocx) when handling the 'SaveDoc()' and 'PrintFile()' methods.
Affected
IBM SPSS SamplePower version 3.0
References
Severity
Classification
-
CVE CVE-2012-0189 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)