Security Bulletin: IBM SPSS Data Collection ActiveX Control vulnerabilities (CVE-2012-0188, CVE-2012-0190)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  spss activex psirthigh psirtba
0 Comments | 1,750 Visits
There are multiple security vulnerabilities with the mraboutb.dll and ExportHTML.dll ActiveX controls shipped by IBM SPSS Data Collection versions 5.6, 6.0 and 6.0.1 ("Data Collection") and SPSS Dimensions version 5.5 ("Dimensions"). The vulnerabilities allow remote attackers to execute arbitrary code on installations of Data Collection or Dimensions when the control is invoked as ActiveX by Microsoft Internet Explorer.
CVE(s): CVE-2012-0188, CVE-2012-0190
Affected product(s): IBM SPSS Data Collection; IBM SPSS Dimensions
Affected version(s): 5.6, 6.0 and 6.0.1; 5.5