Security Bulletin: IBM SPSS SamplePower vsflex7l ActiveX control vulnerability (CVE-2012-5947)

Abstract There is a security vulnerability with the vsflex7l ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer. Conten...

IBM SPSS SamplePower 3.0 < 3.0 FP 1 Multiple ActiveX Controls Arbitrary Code Execution

The remote install of IBM SPSS SamplePower has a vulnerable version of one or more ActiveX controls installed. 'Vsflex8l.ocx', 'c1sizer.ocx', 'vsflex7l .ocx', and 'olch2x32.ocx' ActiveX controls have unspecified arbitrary code execution vulnerabilities, which can be exploited by tricking a user...

CVE-2012-5947

Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2012-5947

IBM SPSS SamplePower 3.0 contains a vsflex7l ActiveX control vulnerability (CVE-2012-5947) that enables remote code execution when the control is invoked by Internet Explorer. The issue arises from insufficient input validation in the ActiveX component, allowing memory corruption and arbitrary co...