IBM SPSS SamplePower c1sizer ActiveX Control Vulnerability

Added: 06/09/2013
CVE: CVE-2012-5946
BID: 59559
OSVDB: 92845

Background

SPSS (Statistical Package for the Social Sciences) is a computer application that provides statistical analysis of data. It allows for in-depth data access and preparation, analytical reporting, graphics and modelling. SamplePower is a stand-alone product designed to work seamlessly with SPSS. It allows researchers to compare the effects of different study parameters, such as sample size, using analytical tools before beginning the study.

Problem

IBM SPSS SamplePower 3.0 and earlier ship with an ActiveX control (c1sizer.ocx) that does not properly check the data size when handling the TabCaption buffer. A remote attacker could exploit this vulnerability to cause a heap buffer overflow that could allow arbitrary remote code execution.

Resolution

Download and install IBM SamplePower 3.0 FP1, as referenced in the IBM Security Bulletin "IBM SPSS SamplePower c1sizer ActiveX control vulnerability (CVE-2012-5946)".

References

http://www.zerodayinitiative.com/advisories/ZDI-13-101/
http://www-01.ibm.com/support/docview.wss?uid=swg21635476

Limitations

This exploit was tested against IBM SPSS SamplePower 3.0 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8 on the target machine.

Platforms

Windows
