Buffer Overflow in IBM SPSS SamplePower ActiveX Control
CVE-2014-0895

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Samplepower
Vendor: CVE Published:; 16 March 2014

What is CVE-2014-0895?

A buffer overflow vulnerability exists in the vsflex8l ActiveX control in IBM SPSS SamplePower version 3.0.1 prior to fix pack 1. This flaw allows remote attackers to execute arbitrary code by sending a specially crafted value to the ComboList property. This could enable attackers to compromise the affected system, leading to unauthorized access and potential exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21666790

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/91314

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1PI09800

vendor-advisoryx_refsource_AIXAPAR

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2014
Vulnerability Reserved
Jan 6, 2014