CVE-2011-1388: Code Injection
First published: Fri Dec 23 2011(Updated: )
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BB FlashBack | ||
| IBM Engineering Systems Design Rhapsody | <=7.6.0.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5 | |
| IBM Engineering Systems Design Rhapsody | =7.5.0.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.1.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.2 | |
| IBM Engineering Systems Design Rhapsody | =7.5.2.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3.2 | |
| IBM Engineering Systems Design Rhapsody | =7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1388?
CVE-2011-1388 is classified as a critical severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2011-1388?
To mitigate CVE-2011-1388, users should update to versions of IBM Rational Rhapsody that are 7.6.1 or later, or update BB FlashBack to the latest secure version.
What products are affected by CVE-2011-1388?
CVE-2011-1388 affects BB FlashBack Recorder and versions of IBM Rational Rhapsody prior to 7.6.1.
Can CVE-2011-1388 be exploited remotely?
Yes, CVE-2011-1388 can be exploited remotely by attackers through the vulnerable ActiveX control.
What kind of attacks can CVE-2011-1388 facilitate?
CVE-2011-1388 can facilitate arbitrary code execution, allowing attackers to run malicious code on affected systems.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/.bbsoftware
- canonical/bb flashback
- vendor/ibm
- canonical/ibm engineering systems design rhapsody
- version/ibm engineering systems design rhapsody/7.6.0.1
- version/ibm engineering systems design rhapsody/7.5
- version/ibm engineering systems design rhapsody/7.5.0.1
- version/ibm engineering systems design rhapsody/7.5.1
- version/ibm engineering systems design rhapsody/7.5.1.1
- version/ibm engineering systems design rhapsody/7.5.2
- version/ibm engineering systems design rhapsody/7.5.2.1
- version/ibm engineering systems design rhapsody/7.5.3
- version/ibm engineering systems design rhapsody/7.5.3.1
- version/ibm engineering systems design rhapsody/7.5.3.2
- version/ibm engineering systems design rhapsody/7.6