IBM SPSS SamplePower Vsflex7l.ocx ActiveX ComboList Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS SamplePower. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Vsflex7l.ocx ActiveX Control. This component performs insufficient bounds checking on user-supplied data passed into the ComboList or ColComboList methods which results in memory corruption. This vulnerability can be leveraged by an attacker to execute code under the context of the user.