HTTP: IBM SPSS SamplePower c1sizer ActiveX Control Buffer Overflow

This signature detects attempts to use unsafe ActiveX controls in IBM SPSS SamplePower. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.

Affected Products

Ibm spss_samplepower

References

BugTraq: 59559

CVE: CVE-2012-5946

Short Name
HTTP:STC:ACTIVEX:IBM-C1SIZER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX Buffer CVE-2012-5946 Control IBM Overflow SPSS SamplePower bid:59559 c1sizer
Release Date
08/07/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Ibm

CVSS Score

9.3

Found a potential security threat?