Security Bulletin: IBM SPSS SamplePower Vsflex8l ActiveX control vulnerability (CVE-2012-5945)

Abstract There is a security vulnerability with the Vsflex8l ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer. Conten...

IBM SPSS SamplePower Vsflex8l ActiveX Control Buffer Overflow (CVE-2012-5945)

A code execution vulnerability exists in the VsVIEW6.ocxActiveX control, which is shipped as part of IBM SPSS SamplePower...

IBM SPSS SamplePower 3.0 < 3.0 FP 1 Multiple ActiveX Controls Arbitrary Code Execution

The remote install of IBM SPSS SamplePower has a vulnerable version of one or more ActiveX controls installed. 'Vsflex8l.ocx', 'c1sizer.ocx', 'vsflex7l .ocx', and 'olch2x32.ocx' ActiveX controls have unspecified arbitrary code execution vulnerabilities, which can be exploited by tricking a user...

CVE-2012-5945

The CVE-2012-5945 issue affects IBM SPSS SamplePower for Windows (Version 3.0) through the Vsflex8l ActiveX control. The root cause is a buffer overflow in the Vsflex8l ActiveX control triggered when a long string is assigned to the ComboList or ColComboList properties, enabling remote code execu...