CVE-2011-1207 Information

Description

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2 11.4.0.1 and earlier does not properly restrict the SetLayoutData method which allows remote attackers to execute arbitrary code via a crafted Data argument a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/43399 http://secunia.com/advisories/43474 http://securitytracker.com/id?1025464 http://www.securityfocus.com/bid/47643 http://www.vupen.com/english/advisories/2011/1129 https://www.ibm.com/support/docview.wss?uid=swg21497689