CVE-2015-8530

Name of the Vulnerable Software and Affected Versions IBM SPSS Statistics versions 19 through 20 before 20.0.0.2-IF0008 IBM SPSS Statistics version 21 before 21.0.0.2-IF0010 IBM SPSS Statistics version 22 before 22.0.0.2-IF0011 IBM SPSS Statistics version 23 before 23.0.0.3-IF0001 IBM SPSS Statistics version 24 before 24.0.0.0-IF0003

Description The issue is a stack-based buffer overflow in the Initialize function in an ActiveX control. This allows remote authenticated users to execute arbitrary code via a long argument.

Recommendations For IBM SPSS Statistics version 19, update to version 20.0.0.2-IF0008 or later. For IBM SPSS Statistics version 20 before 20.0.0.2-IF0008, update to version 20.0.0.2-IF0008 or later. For IBM SPSS Statistics version 21 before 21.0.0.2-IF0010, update to version 21.0.0.2-IF0010 or later. For IBM SPSS Statistics version 22 before 22.0.0.2-IF0011, update to version 22.0.0.2-IF0011 or later. For IBM SPSS Statistics version 23 before 23.0.0.3-IF0001, update to version 23.0.0.3-IF0001 or later. For IBM SPSS Statistics version 24 before 24.0.0.0-IF0003, update to version 24.0.0.0-IF0003 or later.