Web Attack: IBM Rational ClearQuest BO CVE-2012-0708 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a heap buffer overflow vulnerability in IBM Rational ClearQuest.

Additional Information

IBM Rational ClearQuest is an application for managing software development.

The IBM Rational ClearQuest ActiveX control is prone to a heap-based buffer-overflow vulnerability. Specifically, the issue is caused by a function prototype mismatch in the 'RegisterSchemaRepoFromFileByDbSet()' function of the 'cqole.dll' file.

An attacker can exploit this issue to execute arbitrary code in the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed attacks will likely cause denial-of-service conditions.

IBM Rational ClearQuest versions 8.0, 8.0.0.1 and 7.1.1 through 7.1.2.5 are vulnerable.

Affected

  • IBM Rational ClearQuest 7.1.1
  • IBM Rational ClearQuest 8.0.0.1
  • IBM Rational ClearQuest 8.0
  • IBM Rational ClearQuest 7.1.2.5