PT-2011-3095 · Blueberry+1 · Blueberry Bb Flashback+1

Andrea Micalizzi

Publicado

2011-12-23

Atualizado

2017-08-17

CVE-2011-1388

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Blueberry BB FlashBack versions prior to 7.6.1 IBM Rational Rhapsody versions prior to 7.6.1

Description The issue is related to the improper implementation of the TestCompatibilityRecordMode method in the Blueberry FlashBack ActiveX control. This allows remote attackers to execute arbitrary code.

Recommendations For Blueberry BB FlashBack versions prior to 7.6.1, update to version 7.6.1 or later. For IBM Rational Rhapsody versions prior to 7.6.1, update to version 7.6.1 or later. As a temporary workaround, consider disabling the TestCompatibilityRecordMode method until a patch is available.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2011-1388

ZDI-12-030

Produtos afetados

Blueberry Bb Flashback

Ibm Rational Rhapsody

PT-2011-3095 · Blueberry+1 · Blueberry Bb Flashback+1

CVE-2011-1388

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6