CVE-2011-1392

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21576352	Patch Vendor Advisory
http://secunia.com/advisories/47310	Vendor Advisory
http://secunia.com/advisories/47286	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71804

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:rational_rhapsody::::::::
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.6:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5:::::::*

Information

Published : 2011-12-23 14:55

Updated : 2017-08-16 18:34

NVD link : CVE-2011-1392

Mitre link : CVE-2011-1392

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

ibm

rational_rhapsody

.bbsoftware

bb_flashback

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/47310", "name": "47310", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/47286", "name": "47286", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71804", "name": "ibm-ratth-bbfb-code-execution(71804)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1392", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-12-23T22:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "7.6.0.1"}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:34Z"}