Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1207

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Published

2011-05-05T02:39:46.057

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	rational_system_architect	≤ 11.4.0.2	Yes
Application	ibm	rational_system_architect	11.3	Yes
Application	ibm	rational_system_architect	11.3.1	Yes
Application	ibm	rational_system_architect	11.3.1.1	Yes
Application	ibm	rational_system_architect	11.3.1.2	Yes
Application	ibm	rational_system_architect	11.3.1.3	Yes
Application	ibm	rational_system_architect	11.4	Yes
Application	ibm	rational_system_architect	11.4.0.1	Yes

References

http://secunia.com/advisories/43399 Vendor Advisory ([email protected])
http://secunia.com/advisories/43474 Vendor Advisory ([email protected])
http://securitytracker.com/id?1025464 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/47643 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/1129 Vendor Advisory ([email protected])
https://www.ibm.com/support/docview.wss?uid=swg21497689 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/43399 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43474 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1025464 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/47643 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/1129 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/docview.wss?uid=swg21497689 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)