Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9D0FFD86CD62C138CAA1B8F14847D57099916F395CC9116CF3A2C3451A5AB185
HistoryJun 17, 2018 - 4:36 a.m.

Security Bulletin: Rational ClearQuest CQOle ActiveX Control Remote Execution Vulnerability (CVE-2012-0708)

2018-06-1704:36:55
www.ibm.com
25

0.953 High

EPSS

Percentile

99.4%

JSON

Summary

A defect has been discovered where an IBM Rational ClearQuest Ole API function can be called with incorrect parameters causing a crash or possible execution of attack code.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    β€”|β€”

CVE ID: CVE-2012-0708

Description: A defect has been discovered where a ClearQuest Ole API function can be called with incorrect parameters causing a crash or possible execution of attack code. All versions of ClearQuest are affected. This affects only Windows platforms.

In order to be affected, the machine must have ClearQuest .dll files installed. These files are installed on a Microsoft Windows machine if any of the components of the ClearQuest installation are installed on a machine. This includes the following:

  • ClearQuest Client (Eclipse-based)
  • ClearQuest Client for Windows (Microsoft MFC-based)
  • ClearQuest Web Server or server components

Machines which do not have any ClearQuest .dll files installed on them are not impacted. This includes using a browser to run the ClearQuest Web Client. The ClearQuest Web Server is the machine that has the .dll files installed on them. The machine running the browser which accesses the ClearQuest Web Server is not impacted, unless that browser’s machine also has run a ClearQuest product installation and installed any ClearQuest components on that machine.

CVSS Base Score: 9.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73492&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Any supported Microsoft Windows platform.

Remediation/Fixes

Upgrade to one of the following releases:

Workarounds and Mitigations

Workaround:

This vulnerability does not exist on UNIX or Linux platforms.

Mitigation:

Do not run untrusted applications on the machine.

Configure browsers to not allow ActiveX controls to run.

Related

zdi 1
saint 4
cve 1
nvd 1
packetstorm 1
seebug 1
checkpoint_advisories 1
d2 1
prion 1
cvelist 1
nessus 1
zdi
zdi
IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
2012-06-28 00:00:00
saint
saint
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
cve
cve
CVE-2012-0708
2012-04-22 18:55:03
nvd
nvd
CVE-2012-0708
2012-04-22 18:55:03
packetstorm
packetstorm
IBM Rational ClearQuest CQOle Remote Code Execution
2012-07-03 00:00:00
seebug
seebug
IBM Rational ClearQuest 'cqole.dll' ActiveX ζŽ§δ»Άε †ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž(CVE-2012-0708)
2012-07-04 00:00:00
checkpoint_advisories
checkpoint_advisories
IBM Rational ClearQuest CQOle ActiveX Code Execution (CVE-2012-0708)
2012-07-02 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLEARQUEST
2012-04-22 18:55:00
prion
prion
Heap overflow
2012-04-22 18:55:00
cvelist
cvelist
CVE-2012-0708
2012-04-22 18:00:00
nessus
nessus
IBM Rational ClearQuest 7.1.1.x < 7.1.1.9 / 7.1.2.x < 7.1.2.6 / 8.0.0.x < 8.0.0.2 Multiple Vulnerabilities (credentialed check)
2012-05-29 00:00:00

0.953 High

EPSS

Percentile

99.4%

JSON
Related for 9D0FFD86CD62C138CAA1B8F14847D57099916F395CC9116CF3A2C3451A5AB185
zdi1saint4cve1nvd1packetstorm1seebug1checkpoint_advisories1d21prion1cvelist1nessus1