Heap-based Buffer Overflow in IBM Rational ClearQuest Ole API
CVE-2012-0708
Currently unrated
Summary
This vulnerability is a heap-based buffer overflow in the Ole API of the CQOle ActiveX control, implemented in cqole.dll of IBM Rational ClearQuest. It is triggered through a function-prototype mismatch for RegisterSchemaRepoFromFileByDbSet. A remote attacker can craft a web page that, when accessed, leads to execution of arbitrary code on the affected system, potentially compromising the integrity and security of user data.
EPSS Score
66% chance of being exploited in the next 30 days.