5 matches found
Security Bulletin: IBM SPSS SamplePower c1sizer ActiveX control vulnerability (CVE-2012-5946)
Abstract: There is a security vulnerability with the c1sizer ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer. Content...
IBM SPSS SamplePower c1sizer ActiveX Control Vulnerability
Added: 06/09/2013 CVE: CVE-2012-5946 BID: 59559 OSVDB: 92845 Background SPSS Statistical Package for the Social Sciences is a computer application that provides statistical analysis of data. It allows for in-depth data access and preparation, analytical reporting, graphics and modelling...
DSquare Exploit Pack: D2SEC_C1SIZER
Name| d2secc1sizer
---|---
CVE| CVE-2012-5946
Exploit Pack| D2ExploitPack
Description| IBM SPSS SamplePower c1sizer ActiveX Buffer Overflow Vulnerability
Notes|...
Buffer overflow
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string...
CVE-2012-5946
CVE-2012-5946 affects IBM SPSS SamplePower 3.0 (c1sizer.ocx) where the C1Tab ActiveX control triggers a heap/buffer overflow when handling the TabCaption string, allowing remote code execution. The IBM advisory details that the overflow occurs due to unsafe concatenation (lstrcatA) in TabCaption ...