CVE-2011-1207 - Incorrect Authorization vulnerability in IBM Rational System Architect
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Windows
  - NASL id: DATA_DYNAMICS_ACTIVEBAR_ACTIVEX.NASL
  - description: One or more of the Data Dynamics ActiveBar ActiveX controls installed on the remote Windows host is affected by a code execution vulnerability due to unspecified issues in the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 54841
  - published: 2011-05-27
  - reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/54841
  - title: Data Dynamics ActiveBar ActiveX Controls Code Execution
- NASL family: Windows
  - NASL id: SMB_KB_2562937.NASL
  - description: The remote Windows host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 55802
  - published: 2011-08-10
  - reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/55802
  - title: MS 2562937: Update Rollup for ActiveX Kill Bits (2562937)
References
- http://secunia.com/advisories/43399
- http://secunia.com/advisories/43474
- http://securitytracker.com/id?1025464
- http://www.securityfocus.com/bid/47643
- http://www.vupen.com/english/advisories/2011/1129
- https://www.ibm.com/support/docview.wss?uid=swg21497689