PT-2016-3920 · Ibm · Ibm Spss Statistics
Wei Gao
·
Published
2016-05-14
·
Updated
2019-02-14
·
CVE-2015-8530
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM SPSS Statistics versions 19 through 20 before 20.0.0.2-IF0008
IBM SPSS Statistics version 21 before 21.0.0.2-IF0010
IBM SPSS Statistics version 22 before 22.0.0.2-IF0011
IBM SPSS Statistics version 23 before 23.0.0.3-IF0001
IBM SPSS Statistics version 24 before 24.0.0.0-IF0003
Description
The issue is a stack-based buffer overflow in the Initialize function in an ActiveX control. This allows remote authenticated users to execute arbitrary code via a long argument.
Recommendations
For IBM SPSS Statistics version 19, update to version 20.0.0.2-IF0008 or later.
For IBM SPSS Statistics version 20 before 20.0.0.2-IF0008, update to version 20.0.0.2-IF0008 or later.
For IBM SPSS Statistics version 21 before 21.0.0.2-IF0010, update to version 21.0.0.2-IF0010 or later.
For IBM SPSS Statistics version 22 before 22.0.0.2-IF0011, update to version 22.0.0.2-IF0011 or later.
For IBM SPSS Statistics version 23 before 23.0.0.3-IF0001, update to version 23.0.0.3-IF0001 or later.
For IBM SPSS Statistics version 24 before 24.0.0.0-IF0003, update to version 24.0.0.0-IF0003 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Spss Statistics