Vigil@nce: SPSS Data Collection, code execution via ActiveX

February 2012 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use two vulnerabilities in ActiveX controls installed with IBM SPSS Data Collection to execute code on users' computers.

- Severity: 2/4
- Creation date: 17/01/2012

IMPACTED PRODUCTS

- IBM SPSS Data Collection

DESCRIPTION OF THE VULNERABILITY

The IBM SPSS Data Collection product installs the mraboutb.dll and ExportHTML.dll/ocx ActiveX controls in users' web browsers. These controls can then be invoked when the user browses a web site that loads them. However, two vulnerabilities were announced in these controls.

An attacker can trigger a buffer overflow via the first parameter of the SetLicenseInfoEx() method of the mraboutb.dll ActiveX control, in order to execute code. [severity:2/4; 72118, CVE-2012-0188, spss-mraboutb-activex-code-execution, ZDI-12-019]

An attacker can use the Render() method of the ExportHTML.ocx/dll ActiveX control to execute code. [severity:2/4; 72121, CVE-2012-0190, spss-wxporthtml-activex-code-execution]

The VsVIEW6 ActiveX control of the IBM SPSS SamplePower product can also be used to execute code. [severity:2/4; CVE-2012-0189, ZDI-12-020]

An attacker can therefore use two vulnerabilities in ActiveX controls installed with IBM SPSS Data Collection to execute code on users' computers.
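Because the exposure comes from the controls being registered on the workstation and loadable by any site the user visits, a defender can inventory them directly. The following PowerShell is an added example, not part of the bulletin or of IBM's guidance: it finds COM classes whose in-process server is one of the files named above and reports whether Internet Explorer's kill bit is set for each. It assumes machine-wide registration under HKLM; the kill-bit registry location is standard Internet Explorer behaviour and is not mentioned in the bulletin.

```powershell
# Added example. File names come from the bulletin; the registry layout is
# the generic Windows/Internet Explorer one, not something the bulletin states.
$targets = 'mraboutb.dll', 'ExportHTML.dll', 'ExportHTML.ocx'
$killBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating a control

function Get-ActiveXExposure {
    param([string[]]$FileNames)

    # Check both registry views so 32-bit controls on 64-bit Windows are included.
    $views = @(
        @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
           Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
        @{ Clsid  = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
           Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path $view.Clsid)) { continue }
        foreach ($key in Get-ChildItem $view.Clsid -ErrorAction SilentlyContinue) {
            $server = Join-Path $key.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $server)) { continue }

            # The default value of InprocServer32 is the path of the DLL/OCX.
            $path = (Get-Item -LiteralPath $server).GetValue('')
            if (-not $path) { continue }
            $leaf = Split-Path ($path.Trim('"')) -Leaf
            if ($FileNames -notcontains $leaf) { continue }   # case-insensitive match

            # Look up the kill bit for this CLSID in the matching registry view.
            $compatKey = Join-Path $view.Compat $key.PSChildName
            $flags = 0
            if (Test-Path -LiteralPath $compatKey) {
                $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
            }
            [pscustomobject]@{
                Clsid      = $key.PSChildName
                Server     = $path
                KillBitSet = [bool]($flags -band $killBit)
            }
        }
    }
}

Get-ActiveXExposure -FileNames $targets | Format-Table -AutoSize
```

A row with `KillBitSet` false means the control is registered and Internet Explorer is still allowed to load it on that machine.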

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/S...

