IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution VUlnerabilities

IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution Vulnerabilities. Successful exploitation will allow attacker to execution of arbitrary code. Impact Level: Applicatio

Reporter	Title	Published	Views	Family All 28
Tenable Nessus	Blueberry FlashBack SDK 'BB FlashBack Recorder.dll' Remote Code Execution	30 Jan 201200:00	–	nessus
Tenable Nessus	MS 2647518: Update Rollup for ActiveX Kill Bits (2647518)	13 Mar 201200:00	–	nessus
Check Point Advisories	IBM Rational Rhapsody BBFlashBack.Recorder.dll Multiple Code Execution (CVE-2011-1388)	10 May 201200:00	–	checkpoint_advisories
CVE	CVE-2011-1388	23 Dec 201122:00	–	cve
CVE	CVE-2011-1391	23 Dec 201122:00	–	cve
CVE	CVE-2011-1392	23 Dec 201122:00	–	cve
Cvelist	CVE-2011-1388	23 Dec 201122:00	–	cvelist
Cvelist	CVE-2011-1391	23 Dec 201122:00	–	cvelist
Cvelist	CVE-2011-1392	23 Dec 201122:00	–	cvelist
IBM Security Bulletins	Security Bulletin: Rational Rhapsody for Windows Blueberry FlashBack ActiveX Control vulnerabilities (CVE-2011-1388, CVE-2011-1391, CVE-2011-1392)	27 May 202220:02	–	ibm

Source	Link
xforce	www.xforce.iss.net/xforce/xfdb/71803
secunia	www.secunia.com/advisories/47310
secunia	www.secunia.com/advisories/47286
securelist	www.securelist.com/en/advisories/47310
www-01	www.www-01.ibm.com/support/docview.wss

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ibm_rational_rhapsody_activex_code_exec_vuln.nasl 5367 2017-02-20 14:16:52Z cfi $
#
# IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution VUlnerabilities
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attacker to execution of arbitrary code.
  Impact Level: Application";
tag_affected = "IBM Rational Rhapsody version prior to 7.6.1";
tag_insight = "The flaws are due to erros in the BB FlashBack ActiveX control
  (BBFlashBack.Recorder.dll) within the FBRecorder class when handling the
  'Start()', 'PauseAndSave()', 'InsertMarker()', 'InsertSoundToFBRAtMarker()'
  and 'TestCompatibilityRecordMode()' methods.";
tag_solution = "Upgrade to IBM Rational Rhapsody versions 7.6.1 or later
  For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21576352";
tag_summary = "This host is installed with IBM Rational Rhapsody and is prone to
  remote code execution vulnerabilities.";

if(description)
{
  script_id(902655);
  script_version("$Revision: 5367 $");
  script_cve_id("CVE-2011-1388", "CVE-2011-1391", "CVE-2011-1392");
  script_bugtraq_id(51184);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-02-20 15:16:52 +0100 (Mon, 20 Feb 2017) $");
  script_tag(name:"creation_date", value:"2011-12-29 15:57:58 +0530 (Thu, 29 Dec 2011)");
  script_name("IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution VUlnerabilities");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/47310");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/47286");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/71803");
  script_xref(name : "URL" , value : "http://www.securelist.com/en/advisories/47310");
  script_xref(name : "URL" , value : "http://www-01.ibm.com/support/docview.wss?uid=swg21576352");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("General");
  script_dependencies("secpod_reg_enum.nasl");
  script_mandatory_keys("SMB/WindowsVersion");
  script_require_ports(139, 445);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("smb_nt.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

## Get version from Registry
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
if(!registry_key_exists(key:key)){
  exit(0);
}

foreach item (registry_enum_keys(key:key))
{
  ibmrrName = registry_get_sz(key:key + item, item:"DisplayName");
  if("IBM Rational Rhapsody" >< ibmrrName)
  {
    ibmrrVer = registry_get_sz(key:key + item, item:"DisplayVersion");

    if(ibmrrVer != NULL)
    {
      ## Check for IBM Rational Rhapsody version
      if(version_is_less(version:ibmrrVer, test_version:"7.6.1"))
      {
        security_message(0);
        exit(0);
      }
    }
  }
}

20 Feb 2017 00:00Current

1.1Low risk

Vulners AI Score1.1

EPSS0.02089