Lucene search
Andrea Micalizzi aka rgodZDI-12-113HistoryJun 28, 2012 - 12:00 a.m.
IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
2012-06-2800:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
20
0.953 High
EPSS
Percentile
99.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
Related
saint
saint
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
IBM Rational ClearQuest CQOle ActiveX
2012-05-30 00:00:00
cve
cve
CVE-2012-0708
2012-04-22 18:55:03
nvd
nvd
CVE-2012-0708
2012-04-22 18:55:03
packetstorm
packetstorm
IBM Rational ClearQuest CQOle Remote Code Execution
2012-07-03 00:00:00
seebug
seebug
checkpoint_advisories
checkpoint_advisories
IBM Rational ClearQuest CQOle ActiveX Code Execution (CVE-2012-0708)
2012-07-02 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLEARQUEST
2012-04-22 18:55:00
ibm
ibm
prion
prion
Heap overflow
2012-04-22 18:55:00
cvelist
cvelist
CVE-2012-0708
2012-04-22 18:00:00
