PT-2011-2949 · Data Dynamics+1 · Data Dynamics ActiveBar+1

Published: 2011-05-05 · Updated: 2023-05-30 · CVE-2011-1207

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Data Dynamics ActiveBar ActiveX controls version 1.0.6.5
IBM Rational System Architect versions 11.4.0.2, 11.4.0.1, and earlier

Description

The issue is related to the ActiveBar1 ActiveX control, which does not properly restrict the SetLayoutData method. This allows remote attackers to execute arbitrary code via a crafted Data argument.

Recommendations

For IBM Rational System Architect versions 11.4.0.2, 11.4.0.1, and earlier, consider restricting access to the SetLayoutData method until a patch is available. For Data Dynamics ActiveBar ActiveX controls version 1.0.6.5, restrict the use of the SetLayoutData method to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2011-1207

Affected Products

Data Dynamics ActiveBar
IBM Rational System Architect