CVE-2012-0708
IBM Rational ClearQuest <7.1.1.9, <7.1.2.6, <8.0.0.2 - Buffer Overflow
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby, remote, windows
https://www.exploit-db.com/exploits/19576
metasploit
WORKING POC
NORMAL
by Andrea Micalizzi aka rgod, juan vazquez · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/clear_quest_cqole.rb
References (6)
Scores
EPSS: 0.6657
EPSS Percentile: 98.5%
Details
CWE: CWE-119
Status: published
Products (14)
ibm/rational_clearquest 7.1.1
ibm/rational_clearquest 7.1.1.1
ibm/rational_clearquest 7.1.1.2
ibm/rational_clearquest 7.1.1.3
ibm/rational_clearquest 7.1.1.4
ibm/rational_clearquest 7.1.2
ibm/rational_clearquest 7.1.2.1
ibm/rational_clearquest 7.1.2.2
ibm/rational_clearquest 7.1.2.3
ibm/rational_clearquest 7.1.2.4
... and 4 more
Published: Apr 22, 2012
Tracked Since: Feb 18, 2026