PT-2011-3096 · Blueberry+1 · Blueberry Bb Flashback+1

Andrea Micalizzi

Published

2011-12-23

Updated

2017-08-17

CVE-2011-1391

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Blueberry BB FlashBack versions prior to 7.6.1 IBM Rational Rhapsody versions prior to 7.6.1

Description The issue is related to the improper implementation of the InsertMarker method in the Blueberry FlashBack ActiveX control. This allows remote attackers to execute arbitrary code.

Recommendations For Blueberry BB FlashBack versions prior to 7.6.1, update to version 7.6.1 or later. For IBM Rational Rhapsody versions prior to 7.6.1, update to version 7.6.1 or later. As a temporary workaround, consider disabling the InsertMarker method until a patch is available.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2011-1391

ZDI-12-029

Affected Products

Blueberry Bb Flashback

Ibm Rational Rhapsody

PT-2011-3096 · Blueberry+1 · Blueberry Bb Flashback+1

CVE-2011-1391

Weakness Enumeration

Related Identifiers

Affected Products

References · 6