CVE-2011-1207
IBM Rational System Architect < 11.4.0.2 - Remote Code Execution via ActiveBar1 ActiveX SetLayoutData Method
Title source: llmDescription
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.
References (6)
Core References
https://www.ibm.com/support/docview.wss?uid=swg21497689 [Patch, Vendor Advisory; x_refsource_confirm]
http://securitytracker.com/id?1025464 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack]
http://secunia.com/advisories/43474 [Vendor Advisory; third-party-advisory; x_refsource_secunia]
http://www.vupen.com/english/advisories/2011/1129 [Vendor Advisory; vdb-entry; x_refsource_vupen]
http://secunia.com/advisories/43399 [Vendor Advisory; third-party-advisory; x_refsource_secunia]
http://www.securityfocus.com/bid/47643 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid]
Scores
EPSS: 0.0526
EPSS Percentile: 91.5%
Details
CWE: CWE-863
Status: published
Products (8)
ibm/rational_system_architect: 11.3
ibm/rational_system_architect: 11.3.1
ibm/rational_system_architect: 11.3.1.1
ibm/rational_system_architect: 11.3.1.2
ibm/rational_system_architect: 11.3.1.3
ibm/rational_system_architect: 11.4
ibm/rational_system_architect: 11.4.0.1
ibm/rational_system_architect: < 11.4.0.2
Published: May 05, 2011
Tracked Since: Feb 18, 2026