Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2012-0708 | First vendor Publication | 2012-04-22 |
Vendor | Cve | Last vendor Modification | 2017-12-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0708 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
IBM Rational ClearQuest CQOle ActiveX | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | ClearQuest session ActiveX control access RuleID : 36892 - Revision : 1 - Type : BROWSER-PLUGINS |
2016-03-14 | ClearQuest session ActiveX control access RuleID : 36891 - Revision : 1 - Type : BROWSER-PLUGINS |
2014-01-10 | ClearQuest session ActiveX control access RuleID : 25005 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | ClearQuest session ActiveX control access RuleID : 25004 - Revision : 5 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-05-29 | Name : The remote Windows host has an application installed that is affected by mult... File : ibm_rational_clearquest_maintenance_tool_sql_injection.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:19:16 |
|
2021-04-22 01:23:00 |
|
2020-05-23 13:16:59 |
|
2020-05-23 00:32:55 |
|
2017-12-19 09:22:08 |
|
2017-08-29 09:23:42 |
|
2015-03-13 13:24:49 |
|
2014-01-19 21:28:29 |
|
2013-05-10 22:33:37 |
|