PT-2012-2394 · Ibm · Ibm Tivoli Provisioning Manager Express For Software Distribution

Andrea Micalizzi

Published

2012-03-01

Updated

2017-08-29

CVE-2012-0198

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1

Description The issue is related to a stack-based buffer overflow in the RunAndUploadFile method of the Isig.isigCtl.1 ActiveX control. This allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.

Recommendations For IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1, consider disabling the Isig.isigCtl.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the RunAndUploadFile method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-0198

ZDI-12-040

Affected Products

Ibm Tivoli Provisioning Manager Express For Software Distribution

PT-2012-2394 · Ibm · Ibm Tivoli Provisioning Manager Express For Software Distribution

CVE-2012-0198

Related Identifiers

Affected Products

References · 6