Vulnerability Description
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Provisioning Manager Express For Software Distribution | 4.1.1 |
References
- http://www.zerodayinitiative.com/advisories/ZDI-12-040/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73033
- http://www.zerodayinitiative.com/advisories/ZDI-12-040/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73033
FAQ
What is CVE-2012-0198?
CVE-2012-0198 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to e...
How severe is CVE-2012-0198?
CVE-2012-0198 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0198?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Provisioning Manager Express For Software Distribution.