Vulnerability Details CVE-2012-0708
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.666
EPSS Ranking 98.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/81443
- http://secunia.com/advisories/48933
- http://www.ibm.com/support/docview.wss?uid=swg21591705
- http://www.securityfocus.com/bid/53170
- http://www.securitytracker.com/id?1026958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73492
- http://osvdb.org/81443
- http://secunia.com/advisories/48933
- http://www.ibm.com/support/docview.wss?uid=swg21591705
- http://www.securityfocus.com/bid/53170
- http://www.securitytracker.com/id?1026958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73492
Products affected by CVE-2012-0708
-
cpe:2.3:a:ibm:rational_clearquest:7.1.1
-
cpe:2.3:a:ibm:rational_clearquest:7.1.1.1
-
cpe:2.3:a:ibm:rational_clearquest:7.1.1.2
-
cpe:2.3:a:ibm:rational_clearquest:7.1.1.3
-
cpe:2.3:a:ibm:rational_clearquest:7.1.1.4
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.1
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.2
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.3
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.4
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.5
-
cpe:2.3:a:ibm:rational_clearquest:7.1.2.6
-
cpe:2.3:a:ibm:rational_clearquest:8.0.0
-
cpe:2.3:a:ibm:rational_clearquest:8.0.0.1