1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: IBM SPSS SamplePower CVE-2012-5945

Web Attack: IBM SPSS SamplePower CVE-2012-5945

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in IBM SPSS SamplePower which could result in remote code execution

Additional Information

The application is prone to a buffer-overflow vulnerability because it fails to properly bounds check the data by the 'Vsflex8l.ocx' ActiveX control. Specifically, the issue occurs due to an error when handling the 'ComboList'or 'ColComboList' property.

Affected

  • IBM SPSS SamplePower 3.0 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube