IBM Rational ClearQuest CQOle ActiveX

2012-05-30T00:00:00
ID SAINT:371BF13BC6E7DF4A3D9A0C6C017AA987
Type saint
Reporter SAINT Corporation
Modified 2012-05-30T00:00:00

Description

Added: 05/30/2012
CVE: CVE-2012-0708
BID: 53170
OSVDB: 81443

Background

Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker.

Problem

The ClearQuest web client installs ActiveX modules on the client system. These modules are usable by any website that the user visits. The RegisterSchemaRepoFromFileByDbSe method of the CLEARQUEST.SESSION ActiveX object does not properly sanitize its parameters. Passing an overly long parameter will result in an exploitable heap overflow condition.

Resolution

Upgrade to version 7.1.1.9, 7.1.2.6, or 8.0.0.2, or higher.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg21591705>

Limitations

This exploit has been tested against IBM Rational ClearQuest 7.1.2 on Windows XP SP3 English (DEP OptIn) using Internet Explorer 7.

Platforms

Windows