Stack-based Buffer Overflow in IBM SPSS Statistics
CVE-2015-8530

6.5MEDIUM

Key Information:

Vendor
IBM
Status
Spss Statistics
Vendor
CVE Published:
14 May 2016

Summary

The IBM SPSS Statistics software contains a stack-based buffer overflow vulnerability within the Initialize function of an ActiveX control. This flaw allows remote authenticated users to exploit the software by passing excessively long arguments, which can lead to arbitrary code execution. The affected versions include various releases of IBM SPSS Statistics from version 19 up to version 24, if not updated to the specified post-fix releases. Users should ensure their software is patched to protect against potential exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21982035
x_refsource_CONFIRM
http://www.securityfocus.com/bid/90524
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1035867
vdb-entryx_refsource_SECTRACK

EPSS Score

57% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.