ID CVE-2012-0198
Summary Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:tivoli_provisioning_manager_express_for_software_distribution:4.1.1
    cpe:2.3:a:ibm:tivoli_provisioning_manager_express_for_software_distribution:4.1.1
CVSS
Base: 9.3 (as of 06-03-2012 - 13:20)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow. CVE-2012-0198. Remote exploit fo...
id EDB-ID:18727
last seen 2016-02-02
modified 2012-04-10
published 2012-04-10
reporter metasploit
source https://www.exploit-db.com/download/18727/
title IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 - ActiveX RunAndUploadFile Method Overflow
metasploit via4
description This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method where the "OtherFields" parameter with user controlled data is used to build a "Content-Disposition" header and attach contents in an insecure way which allows to overflow a buffer in the stack.
id MSF:EXPLOIT/WINDOWS/BROWSER/IBM_TIVOLI_PME_ACTIVEX_BOF
last seen 2019-03-20
modified 2017-10-05
published 2012-04-09
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
title IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow
nessus via4
NASL family Windows
NASL id TIVOLI_PROVISIONING_MANAGER_EXPRESS_ACTIVEX_RUNANDUPLOADFILE_BOF.NASL
description The remote host has the IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX control installed. This control fails to properly parse data supplied to the 'RunAndUploadFile()' function due to an unsafe call to 'strcat', which can lead to a stack-based buffer overflow. By tricking a user into opening a specially crafted web page, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the user's privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 58389
published 2012-03-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=58389
title IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/111680/ibm_tivoli_pme_activex_bof.rb.txt
id PACKETSTORM:111680
last seen 2016-12-05
published 2012-04-10
reporter rgod
source https://packetstormsecurity.com/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html
title IBM Tivoli Provisioning Manager Express Overflow
refmap via4
misc http://www.zerodayinitiative.com/advisories/ZDI-12-040/
xf tpme-isigisigctl1-bo(73033)
saint via4
bid 52252
description Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability
id misc_tivolipmever
osvdb 79735
title tivoli_prov_mgr_runanduploadfile
type client
Last major update 06-03-2012 - 00:00
Published 05-03-2012 - 23:18
Last modified 28-08-2017 - 21:30
Back to Top