-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0035
       Rational System Architect ActiveBar ActiveX Control Vulnerabilities
                                 4 May 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Rational System Architect
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-1207
Member content until: Friday, June 3 2011

OVERVIEW

        IBM has released an update to correct vulnerabilities in the ActiveX
        control for Rational System Architect ActiveBar. [1]

IMPACT

        It is possible to execute arbitrary code by instantiating either:

                actbar.ocx
                actbar2.ocx

        Currently known methods of this control that are vulnerable include:

                Save()
                SaveLayoutchanges()
                SaveMenuUsageData()
                SetLayoutData()

        Note: affects ActiveBar1 only.

        This vulnerability has been given the CVE identifier CVE-2011-1207.

MITIGATION

        IBM has released an update to correct these vulnerabilities. You can
        get the updates from the IBM website [1].

        Alternatively, you can set the kill bits for each of the ActiveX
        controls. Below is the contents of a registry file to set the kill
        bit for each control.
        1) Copy the text below to a file
        2) Save the file as ActBar_RegistryEntry.reg
        3) With administrative privileges, double click the file
        4) Click yes to the prompt for importing the registry settings
        5) Click OK

----- BEGIN INCLUDE -----
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4932CEF4-2CAA-11D2-A165-0060081C43D9}]
"Compatibility Flags"=dword:00000400
----- END INCLUDE -----

REFERENCES

        [1] Rational System Architect ActiveBar ActiveX Control Vulnerabilities
            https://www-304.ibm.com/support/docview.wss?uid=swg21497689

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
        Australian Computer Emergency Response Team
        The University of Queensland
        Brisbane
        Qld 4072

        Internet Email: auscert@auscert.org.au
        Facsimile:      (07) 3365 7031
        Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                        AusCERT personnel answer during Queensland business
                        hours which are GMT+10:00 (AEST).
                        On call after hours for member emergencies only.
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://www.auscert.org.au/1967 iD8DBQFNwOjj/iFOrG6YcBERAo0lAJ9+JspbCEY9pdM5NNIbNiYNZPPStgCfbRDT ZzPf4ArRnG/fANt6EwEQoYQ= =eifn -----END PGP SIGNATURE-----
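The kill-bit workaround in the MITIGATION section can also be applied and verified from an elevated PowerShell session. The script below is an added example for this page; it is not part of the AusCERT bulletin or of IBM's advisory. It sets the same Compatibility Flags value (0x00000400) on the same two CLSIDs that appear in the bulletin's .reg file, with two practitioner refinements the .reg file lacks: it ORs the kill bit into any flags already present instead of overwriting them, and on 64-bit Windows it also writes the Wow6432Node view, which is the one a 32-bit Internet Explorer process reads (the .reg file as given writes only the native view). It assumes Windows PowerShell with the registry provider and administrative rights; the function names Set-KillBit and Test-KillBit are this example's own.

```powershell
# Added example (not from the AusCERT bulletin or IBM). Sets and verifies the
# IE ActiveX kill bit for the two ActiveBar CLSIDs named in ASB-2011.0035.
# Run from an elevated (administrator) PowerShell session.

$KillBit = 0x00000400   # Compatibility Flags bit that blocks instantiation in IE

# CLSIDs exactly as they appear in the bulletin's .reg file.
$Clsids = @(
    '{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}',
    '{4932CEF4-2CAA-11D2-A165-0060081C43D9}'
)

# Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Views = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$BasePath, [string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any compatibility flags already set on the control; only add 0x400.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$existing) -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-KillBit {
    param([string]$BasePath, [string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    # True only if the kill bit is actually present in the stored DWORD.
    return ((([int]$flags) -band $KillBit) -eq $KillBit)
}

foreach ($view in $Views) {
    # Wow6432Node exists only on 64-bit Windows; skip the 32-bit view elsewhere.
    if (-not (Test-Path (Split-Path $view -Parent))) { continue }
    foreach ($clsid in $Clsids) {
        Set-KillBit  -BasePath $view -Clsid $clsid
        $ok = Test-KillBit -BasePath $view -Clsid $clsid
        Write-Output ('{0}  {1}  kill bit set: {2}' -f $view, $clsid, $ok)
    }
}
```

The kill bit only stops Internet Explorer from instantiating the controls; it does not fix the vulnerable methods in actbar.ocx or actbar2.ocx, so it is a stopgap until the IBM update in reference [1] is applied. Re-running Test-KillBit after the update is a cheap way to confirm the workaround is still in place if the patched control is later expected to be usable again and the kill bit needs to be cleared deliberately.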