CVE-2012-0708Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-0708 | First vendor Publication | 2012-04-22 |
| Vendor | Cve | Last vendor Modification | 2012-04-23 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0708 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| IBM Rational ClearQuest CQOle ActiveX | More info here |
Metasploit Database
| id | Description |
|---|---|
| 2012-05-19 | IBM Rational ClearQuest CQOle Remote Code Execution |
Internal Sources (Detail)
| Source | Url |
|---|---|
| CONFIRM | http://www.ibm.com/support/docview.wss?uid=swg21591705 |
| XF | http://xforce.iss.net/xforce/xfdb/73492 |
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 22:33:37 |
|
