CVE-2012-1241

2012-04-1616:00:00

jpcert

www.cve.org

AI Score

7.2

Confidence

High

EPSS

0.012

Percentile

85.1%

JSON

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.

References

blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170

jvn.jp/en/jp/JVN33283707/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000031

secunia.com/advisories/48811

www.securityfocus.com/bid/53011

exchange.xforce.ibmcloud.com/vulnerabilities/74866