Remote Code Execution Vulnerability in IBM SPSS SamplePower ActiveX Control
CVE-2013-6724

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Samplepower
Vendor: CVE Published:; 1 February 2014

What is CVE-2013-6724?

A vulnerability exists in the vsflex8l ActiveX control within IBM SPSS SamplePower version 3.0.1 and earlier. This flaw may allow remote attackers to execute arbitrary code by supplying a specially crafted value to the ComboList property. Unpatched installations of this software are at risk, exposing users to potential exploit scenarios that can lead to unauthorized execution of commands on the host system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89279

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21663250

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2014
Vulnerability Reserved
Nov 8, 2013