Stack-based Buffer Overflow in IBM Tivoli Provisioning Manager Express
CVE-2012-0198

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Provisioning Manager Express For Software Distribution
Vendor: CVE Published:; 6 March 2012

What is CVE-2012-0198?

A stack-based buffer overflow vulnerability exists in the RunAndUploadFile method of the Isig.isigCtl.1 ActiveX control within IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. This flaw allows remote attackers to execute arbitrary code by exploiting certain vectors related to an Asset Information file, potentially compromising the affected system's integrity.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-040/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/73033

vdb-entryx_refsource_XF

EPSS Score

64% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2012
Vulnerability Reserved
Dec 14, 2011