IBM Rational ClearQuest CQOle ActiveX

Added: 05/30/2012
CVE: CVE-2012-0708
BID: 53170
OSVDB: 81443

Background

Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker.

Problem

The ClearQuest web client installs ActiveX modules on the client system. These modules are usable by any website that the user visits. The RegisterSchemaRepoFromFileByDbSe method of the CLEARQUEST.SESSION ActiveX object does not properly sanitize its parameters. Passing an overly long parameter will result in an exploitable heap overflow condition.

Resolution

Upgrade to version 7.1.1.9, 7.1.2.6, or 8.0.0.2, or higher.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21591705

Limitations

This exploit has been tested against IBM Rational ClearQuest 7.1.2 on Windows XP SP3 English (DEP OptIn) using Internet Explorer 7.

Platforms

Windows

Back to exploit index