CVE-2012-0198 - Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in

CVE-2012-0198

Summary

Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.

References

Vulnerable Configurations

cpe:2.3:a:ibm:tivoli_provisioning_manager_express_for_software_distribution:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_provisioning_manager_express_for_software_distribution:4.1.1:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

misc	http://www.zerodayinitiative.com/advisories/ZDI-12-040/
xf	tpme-isigisigctl1-bo(73033)

saint via4

bid	52252
description	Tivoli Provisioning Manager Express ActiveX RunAndUploadFile vulnerability
id	misc_tivolipmever
osvdb	79735
title	tivoli_prov_mgr_runanduploadfile
type	client

Last major update

29-08-2017 - 01:30

Published

06-03-2012 - 04:18

Last modified

29-08-2017 - 01:30