Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-1207

Опубликовано: 05 мая 2011
Источник: nvd
CVSS2: 9.3
EPSS Низкий

Описание

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_system_architect:*:*:*:*:*:*:*:*
Версия до 11.4.0.2 (включая)
cpe:2.3:a:ibm:rational_system_architect:11.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_system_architect:11.4.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05337
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-863

Связанные уязвимости

github логотип

GHSA-3fqj-ghhc-c98j

github
больше 3 лет назад

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

EPSS

Процентиль: 90%
0.05337
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-863