CVE-2011-1392

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/47286	Vendor Advisory
http://secunia.com/advisories/47310	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21576352	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71804

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:rational_rhapsody::::::::
	cpe:2.3:a:ibm:rational_rhapsody:7.5:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.6:::::::*

History

No history.

Information

Published : 2011-12-23 22:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1392

Mitre link : CVE-2011-1392

CVE.ORG link : CVE-2011-1392

JSON object : View

Products Affected

.bbsoftware

bb_flashback

ibm

rational_rhapsody

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2011-1392", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-23T22:55:00.863", "references": [{"url": "http://secunia.com/advisories/47286", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47310", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71804", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Blueberry FlashBack ActiveX control en BB FlashBack Recorder.dll en Blueberry BB FlashBack, como se usaba en IBM Rational Rhapsody anterior a v7.6.1 y otros productos, no implementa correctamente los m\u00e9todos (1) Start, (2) PauseAndSave, (3) InsertMarker, y(4) InsertSoundToFBRAtMarker, los cuales permiten a atacantes remotos ejecutar comandos arbitrarios mediante vectores desconocidos"}], "lastModified": "2017-08-17T01:34:07.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF7911FB-D2DE-4571-A8F3-167C8DA4E2B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_rhapsody:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A7A262C5-3999-4878-8A8E-808FEA31BB69", "versionEndIncluding": "7.6.0.1"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B5E0E9E-FF44-46BE-9BAB-4C907AE23B46"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A206B67-3D12-4BCD-9116-9AD12910E89F"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E147396-F813-4DD7-A492-C58538FB4926"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9619D07C-FF49-499E-BD12-D550C3BEFE96"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "498C1B70-25A6-44AF-9EDC-EA396153A1C1"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B72DB790-D922-4F9D-900D-F2E24FD6171F"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8513CB6-CB88-4350-BBF0-9B8997D6B4ED"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC6C0CF8-D4BE-4095-A552-113B681B8E30"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80939055-FE60-440F-B018-6EAE05D6638E"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody:7.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36E9BFF1-6D25-4B51-9288-FCDB4093449B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}