CyberSec.Space Logo
返回 CVE 浏览器

CVE-2012-0708

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile26.53th
Published2012年4月22日
Last Modified2026年4月29日

Vulnerability Description

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

Affected Platforms (CPE)

📦
Ibm

Rational Clearquest

= 7.1.1
📦
Ibm

Rational Clearquest

= 7.1.1.1
📦
Ibm

Rational Clearquest

= 7.1.1.2
📦
Ibm

Rational Clearquest

= 7.1.1.3
📦
Ibm

Rational Clearquest

= 7.1.1.4
📦
Ibm

Rational Clearquest

= 7.1.2
📦
Ibm

Rational Clearquest

= 7.1.2.1
📦
Ibm

Rational Clearquest

= 7.1.2.2
📦
Ibm

Rational Clearquest

= 7.1.2.3
📦
Ibm

Rational Clearquest

= 7.1.2.4
📦
Ibm

Rational Clearquest

= 7.1.2.5
📦
Ibm

Rational Clearquest

= 7.1.2.6
📦
Ibm

Rational Clearquest

= 8.0.0
📦
Ibm

Rational Clearquest

= 8.0.0.1

References & Advisories

🔗 http://osvdb.org/81443
🔗 http://secunia.com/advisories/48933
🔗 http://www.ibm.com/support/docview.wss?uid=swg21591705
🔗 http://www.securityfocus.com/bid/53170
🔗 http://www.securitytracker.com/id?1026958
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/73492
🔗 http://osvdb.org/81443
🔗 http://secunia.com/advisories/48933

相关漏洞威胁

CVE-2010-460110.0

Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before ...

CVE-2014-09319.1

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scri...

CVE-2007-43687.5

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to exe...

CVE-2007-50907.5

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows atta...