CVE-2012-1241 Information

Description

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.

Reference

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170 http://jvn.jp/en/jp/JVN33283707/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031 http://secunia.com/advisories/48811 http://www.securityfocus.com/bid/53011 https://exchange.xforce.ibmcloud.com/vulnerabilities/74866