IronMonkey Threat Research

CVE-2011-1207 HIGH

Published: 2011-05-05 | Last Modified: 2026-06-16 | Status: Modified

Description

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Additional Descriptions (1)

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier versions, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a modified Data argument. A different vulnerability than CVE-2007-3883. NOTE: some of these details have been obtained from third-party information.

CVSS Metrics

Base Score: 9.3 (HIGH)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 10.0

Weaknesses

Source Type Description
[email protected] Primary CWE-863 (en)

Affected Products

Vendor Product Version Update Type
ibm rational_system_architect * - Application
ibm rational_system_architect 11.3 - Application
ibm rational_system_architect 11.3.1 - Application
ibm rational_system_architect 11.3.1.1 - Application
ibm rational_system_architect 11.3.1.2 - Application
ibm rational_system_architect 11.3.1.3 - Application
ibm rational_system_architect 11.4 - Application
ibm rational_system_architect 11.4.0.1 - Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:ibm:rational_system_architect:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.3.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.3.1.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.3.1.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.3.1.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:ibm:rational_system_architect:11.4.0.1:*:*:*:*:*:*:*
