Stack-based Buffer Overflow in IBM SPSS Statistics
CVE-2015-8530
6.5MEDIUM
Summary
The IBM SPSS Statistics software contains a stack-based buffer overflow vulnerability within the Initialize function of an ActiveX control. This flaw allows remote authenticated users to exploit the software by passing excessively long arguments, which can lead to arbitrary code execution. The affected versions include various releases of IBM SPSS Statistics from version 19 up to version 24, if not updated to the specified post-fix releases. Users should ensure their software is patched to protect against potential exploitation.
References
EPSS Score
57% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved