Vulnerability CVE-2012-0708 - CERT Civis.Net

Vulnerability Name:

CVE-2012-0708 (CCN-73492)

Assigned:

2012-04-19

Published:

2012-04-19

Updated:

2017-12-19

Summary:

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-0708

Source: OSVDB
Type: UNKNOWN
81443

Source: CCN
Type: SA48933
IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
48933

Source: CCN
Type: IBM Security Bulletin 1591705
Security Bulletin: IBM Rational ClearQuest CQOle ActiveX Control Remote Execution Vulnerability (CVE-2012-0708)

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21591705

Source: CCN
Type: OSVDB ID: 81443
IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet() Function ActiveX (cqole.dll) Website Handling Remote Overflow

Source: BID
Type: UNKNOWN
53170

Source: CCN
Type: BID-53170
IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026958

Source: XF
Type: UNKNOWN
rcq-cqole-activex-bo(73492)

Source: XF
Type: UNKNOWN
rcq-cqole-activex-bo(73492)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-05-2012]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
IBM Rational ClearQuest CQOle Remote Code Execution

Source: CCN
Type: ZDI-12-113
IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable