
IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/53170

Security Info

Bugtraq ID: 53170
Class: Boundary Condition Error
CVE: CVE-2012-0708
Remote: Yes
Local: No
Published: Apr 19 2012 12:00AM
Updated: Jun 29 2012 10:30AM
Credit: Andrea Micalizzi
Vulnerable: IBM Rational ClearQuest 7.1.1
    IBM Rational ClearQuest 8.0.0.1
    IBM Rational ClearQuest 8.0
    IBM Rational ClearQuest 7.1.2.5
Not Vulnerable: IBM Rational ClearQuest 8.0.0.2
    IBM Rational ClearQuest 7.1.2.6
    IBM Rational ClearQuest 7.1.1.9

Security Discussion

IBM Rational ClearQuest is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application, typically Internet Explorer, that uses the affected ActiveX control. Failed attacks will likely cause denial-of-service conditions.

IBM Rational ClearQuest versions 8.0, 8.0.0.1 and 7.1.1 through 7.1.2.5 are vulnerable.

Proof of Concept and Security Exploits

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Updates are available. Please contact the vendor for more information.
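
When checking an asset inventory against this advisory, note that 7.1.1.9 is listed as not vulnerable even though it sorts inside the "7.1.1 through 7.1.2.5" range, so a single numeric range comparison misclassifies it. The following is an added example, not part of the original advisory: it compares each version against the fix level of its own branch, assuming that later releases in a branch keep the fix; the host names and inventory are constructed.

```python
# Added example: classify ClearQuest versions using the advisory's version lists.
# Assumption: within a maintenance branch, any release at or above the listed
# "Not Vulnerable" version carries the fix. Branches the advisory does not
# mention are reported as "unknown" instead of being guessed.

# First fixed release per branch, taken from the "Not Vulnerable" list.
FIXED_IN_BRANCH = {
    (7, 1, 1): (7, 1, 1, 9),
    (7, 1, 2): (7, 1, 2, 6),
    (8, 0, 0): (8, 0, 0, 2),
}


def parse_version(text):
    """Turn '8.0' or '7.1.2.5' into a 4-tuple, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 numeric components")
    return tuple(parts + [0] * (4 - len(parts)))


def classify(text):
    """Return 'vulnerable', 'fixed', 'unknown' or 'unparseable'."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_IN_BRANCH.get(version[:3])
    if fixed is None:
        return "unknown"  # branch not covered by this advisory
    return "vulnerable" if version < fixed else "fixed"


def triage(inventory):
    """Map each host to the classification of its installed version."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "build-01": "7.1.1.9",   # inside the numeric range, but a fixed release
    "build-02": "7.1.2.5",
    "qa-01": "8.0",
    "qa-02": "8.0.0.2",
    "legacy-01": "7.0.1",    # branch not listed in the advisory
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "unparseable" need a manual check against the vendor's bulletin.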

Site Updated May 26, 2013
©2000-2013 Emagined Security
All Rights Reserved
