Remote Code Execution Risk in IBM SPSS SamplePower ActiveX Control
CVE-2012-0189

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Samplepower
Vendor: CVE Published:; 18 January 2012

What is CVE-2012-0189?

The VsVIEW6 ActiveX control in IBM SPSS SamplePower 3.0 contains multiple unspecified vulnerabilities in the PrintFile and SaveDoc methods. These flaws permit remote attackers to exploit crafted HTML documents, potentially enabling the execution of arbitrary code on the affected system. Users of this product are advised to review their configurations and apply any available updates to mitigate these risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72119

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg21577951

x_refsource_CONFIRM

http://secunia.com/advisories/47605

third-party-advisoryx_refsource_SECUNIA

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2012
Vulnerability Reserved
Dec 14, 2011