HTTP: IBM Rational ClearQuest CQOle ActiveX Code Execution
This signature detects attempts to use unsafe ActiveX controls in IBM Rational ClearQuest. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
IBM Rational ClearQuest is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application, typically Internet Explorer, that uses the affected ActiveX control. Failed attacks will likely cause denial-of-service conditions. IBM Rational ClearQuest versions 8.0, 8.0.0.1 and 7.1.1 through 7.1.2.5 are vulnerable.
Affected Products
Ibm ibm_rational_clearquest
References
BugTraq: 53170
CVE: CVE-2012-0708
URL: http://www.ibm.com/support/docview.wss?uid=swg21591705 http://www-01.ibm.com/support/docview.wss?uid=swg21591705
Short Name
HTTP:STC:ACTIVEX:CLEARQUEST-OLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CQOle CVE-2012-0708 ClearQuest Code Execution IBM Rational bid:53170
Release Date
04/23/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Ibm
CVSS Score
9.3