Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0708 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Rational Clearquest

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
66.6%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Rational Clearquest
Timeline
PublishedApr 22
Latest updateMay 17

Description

Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDibm/rational_clearquest14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-mvvm-h767-v89f: Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole↗2022-05-17
â–¶
CVEList
CVE-2012-0708: Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole↗2012-04-22
â–¶

💥Exploits & PoCs

1
Exploit-DB
IBM Rational ClearQuest CQOle - Remote Code Execution (Metasploit)↗2012-07-05
â–¶
CVE-2012-0708 — IBM Rational Clearquest vulnerability | cvebase