Remote Code Execution in IBM SPSS Dimensions and Data Collection ActiveX Control
CVE-2012-0188

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Data Collection; Spss Dimensions
Vendor: CVE Published:; 18 January 2012

Summary

A vulnerability exists in the SetLicenseInfoEx method of the ActiveX control in mraboutb.dll within IBM SPSS Dimensions and SPSS Data Collection. This flaw enables remote attackers to execute arbitrary code on affected systems through specially crafted HTML documents. For users of IBM SPSS Dimensions 5.5 and versions 5.6 to 6.0.1 of SPSS Data Collection, it poses significant security risks if not mitigated.

References

http://secunia.com/advisories/47565

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/72118

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21577956

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 18, 2012
Vulnerability Reserved
Dec 14, 2011