SAINT Corporation, SAINT:05D0D59CE308483ECBA2C741F73349EB
History: May 30, 2012 - 12:00 a.m.

IBM Rational ClearQuest CQOle ActiveX

2012-05-30 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.953 High
Percentile: 99.4%

Added: 05/30/2012
CVE: CVE-2012-0708
BID: 53170
OSVDB: 81443

Background

Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker.

Problem

The ClearQuest web client installs ActiveX modules on the client system. These modules are usable by any website that the user visits. The RegisterSchemaRepoFromFileByDbSe method of the CLEARQUEST.SESSION ActiveX object does not properly sanitize its parameters. Passing an overly long parameter will result in an exploitable heap overflow condition.

Resolution

Upgrade to version 7.1.1.9, 7.1.2.6, or 8.0.0.2, or higher.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg21591705>

Limitations

This exploit has been tested against IBM Rational ClearQuest 7.1.2 on Windows XP SP3 English (DEP OptIn) using Internet Explorer 7.

Platforms

Windows
