Vulnerability Details : CVE-2012-0708
Public exploit exists!
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-0708
Probability of exploitation activity in the next 30 days: 96.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-0708
-
IBM Rational ClearQuest CQOle Remote Code Execution
Disclosure Date: 2012-05-19First seen: 2020-04-26exploit/windows/browser/clear_quest_cqoleThis module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest < 7.1.1.9, < 7.1.2.6 or < 8.0.0.2 which allows reliable remote code execution when DEP isn't enabled. Authors: - Andrea Micalizzi aka rgod - juan vazquez <
CVSS scores for CVE-2012-0708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-0708
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0708
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/73492
IBM Rational ClearQuest ActiveX control (cqole.dll) buffer overflow CVE-2012-0708 Vulnerability Report
-
http://www.securityfocus.com/bid/53170
IBM Rational ClearQuest 'cqole.dll' ActiveX Control Heap Buffer Overflow Vulnerability
-
http://www.securitytracker.com/id?1026958
IBM Rational ClearQuest Buffer Overflow in ActiveX Control RegisterSchemaRepoFromFileByDbSet() Function Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://secunia.com/advisories/48933
Sign in
-
http://osvdb.org/81443
-
http://www.ibm.com/support/docview.wss?uid=swg21591705
IBM Security Bulletin: Rational ClearQuest CQOle ActiveX Control Remote Execution Vulnerability (CVE-2012-0708)Vendor Advisory
Products affected by CVE-2012-0708
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:7.1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*