What is CVE-2012-0708?

CVE-2012-0708 is a vulnerability in Ibm Rational_clearquest, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-04-22.

Is CVE-2012-0708 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ibm Rational_clearquest

CVE-2012-0708

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a cra…

Vulnerability class: Buffer Overflow

EPSS: 0.666 (98.6th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearquest — versions 7.1.1, 7.1.1.1, 7.1.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

1026958 (vdb-entry, x_refsource_SECTRACK)
rcq-cqole-activex-bo(73492) (vdb-entry, x_refsource_XF)
81443 (x_refsource_OSVDB, vdb-entry)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
53170 (vdb-entry, x_refsource_BID)
48933 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2012-0708?: CVE-2012-0708 is a vulnerability in Ibm Rational_clearquest, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-04-22.
Is CVE-2012-0708 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.