CVE-2012-0708

Published Apr 22, 2012

Last updated 7 years ago

CVSS info 9.3

Overview

Description: Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C645C62-6794-421E-882C-ECA92B33C3D8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AB4DB93-26A7-4B5E-ACF5-B8D95AC31566"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F74EBAA-8A68-4F20-B14D-D1A77D57BC38"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A1A052-179D-411F-A214-EF2AF7E5F0F5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "230908F8-95CB-4273-BA32-0987145E5FDD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0201EFB5-9673-4C78-938A-C7BF769F5553"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F1C1C0A-B403-44C5-B7BD-BC9466CB2848"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0A7179A-2421-454C-8A58-EFB1BB7150BC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FEA9B29-2A30-46D1-B778-CE7822CEA972"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "941C4C5A-DD11-436B-86D4-BC564E9C6B57"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E538615-12E6-4CDF-8B32-A66CD35D98AE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F31399A6-5B53-46C1-B4CB-858360CFF133"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C0E641C-D2BA-4C9B-94E8-4A13926146E5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A51113A6-1744-47E6-8245-C0E33D39C789"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References