PT-2012-2388 · Ibm · Exporthtml.Dll+3

Published

2012-01-18

Updated

2017-08-29

CVE-2012-0190

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM SPSS Dimensions version 5.5 SPSS Data Collection versions 5.6 through 6.0.1

Description The issue allows remote attackers to execute arbitrary code via a crafted HTML document, exploiting an unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll.

Recommendations For IBM SPSS Dimensions version 5.5, update to a version that fixes the issue in the ExportHTML.dll ActiveX control. For SPSS Data Collection versions 5.6 through 6.0.1, update to a version that fixes the issue in the ExportHTML.dll ActiveX control. As a temporary workaround, consider disabling the Render method in the ExportHTML.ocx ActiveX control until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-0190

ZDI-12-026

Affected Products

Exporthtml.Dll

Exporthtml.Ocx

Ibm Spss Dimensions

Ibm Spss Data Collection

PT-2012-2388 · Ibm · Exporthtml.Dll+3

CVE-2012-0190

Related Identifiers

Affected Products

References · 5