Vulnerability Description
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Rational System Architect | <= 11.4.0.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/43399 (Vendor Advisory)
- http://secunia.com/advisories/43474 (Vendor Advisory)
- http://securitytracker.com/id?1025464 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/47643 (Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2011/1129 (Vendor Advisory)
- https://www.ibm.com/support/docview.wss?uid=swg21497689 (Patch, Vendor Advisory)
FAQ
What is CVE-2011-1207?
CVE-2011-1207 is a vulnerability with a CVSS score of 9.3 (HIGH). The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly...
How severe is CVE-2011-1207?
CVE-2011-1207 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1207?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Rational System Architect.