CVE-2012-5945

Name of the Vulnerable Software and Affected Versions IBM SPSS SamplePower version 3.0 before FP1

Description The issue concerns buffer overflows in the Vsflex8l ActiveX control. Remote attackers can execute arbitrary code by providing a long value for either the ComboList or ColComboList property.

Recommendations For IBM SPSS SamplePower version 3.0 before FP1, apply the FP1 patch to resolve the issue. As a temporary workaround, consider restricting access to the Vsflex8l ActiveX control to minimize the risk of exploitation. Avoid using long values for the ComboList or ColComboList properties in the affected ActiveX control until the issue is resolved.