Security Bulletin: IBM SPSS SamplePower vsview6 ActiveX Control vulnerabilities (CVE-2012-0189)

Abstract There are multiple security vulnerabilities with the VsVIEW6 ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerabilities allow remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet...

ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-027 February 8, 2012 - -- CVE ID: CVE-2012-0189 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities (Windows)

This host is installed with IBM SPSS SamplePower and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbibmspssactivexcodeexecvuln.nasl 8194 2017-12-20 11:29:51Z cfischer $ IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities Windows...

CVE-2012-0189

IBM SPSS SamplePower 3.0 on Windows is affected by CVE-2012-0189 in the VsVIEW6.ocx ActiveX control (SaveDoc method). The vulnerability allows remote code execution when the ActiveX control is instantiated from Internet Explorer; exploitation requires user interaction (visiting a malicious page o...