CVE-2012-0198

Name of the Vulnerable Software and Affected Versions IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1

Description The issue is related to a stack-based buffer overflow in the RunAndUploadFile method of the Isig.isigCtl.1 ActiveX control. This allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.

Recommendations For IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1, consider disabling the Isig.isigCtl.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the RunAndUploadFile method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.