CVE-2011-1392: Code Injection
First published: Fri Dec 23 2011(Updated: )
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BB FlashBack | ||
| IBM Engineering Systems Design Rhapsody | <=7.6.0.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5 | |
| IBM Engineering Systems Design Rhapsody | =7.5.0.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.1.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.2 | |
| IBM Engineering Systems Design Rhapsody | =7.5.2.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3.1 | |
| IBM Engineering Systems Design Rhapsody | =7.5.3.2 | |
| IBM Engineering Systems Design Rhapsody | =7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1392?
CVE-2011-1392 is classified with a medium severity, due to its potential to allow remote code execution.
How do I fix CVE-2011-1392?
To fix CVE-2011-1392, update BB FlashBack Recorder to a version later than the affected versions, ideally to 7.6.1 or later.
Which versions of BB FlashBack are affected by CVE-2011-1392?
CVE-2011-1392 affects versions of BB FlashBack prior to 7.6.1.
What products are impacted by CVE-2011-1392?
CVE-2011-1392 impacts Blueberry BB FlashBack used in IBM Rational Rhapsody versions before 7.6.1.
What methods are improperly implemented in CVE-2011-1392?
CVE-2011-1392 involves improper implementation of the Start, PauseAndSave, InsertMarker, and InsertSoundToFBRAtMarker methods.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/.bbsoftware
- canonical/bb flashback
- vendor/ibm
- canonical/ibm engineering systems design rhapsody
- version/ibm engineering systems design rhapsody/7.6.0.1
- version/ibm engineering systems design rhapsody/7.5
- version/ibm engineering systems design rhapsody/7.5.0.1
- version/ibm engineering systems design rhapsody/7.5.1
- version/ibm engineering systems design rhapsody/7.5.1.1
- version/ibm engineering systems design rhapsody/7.5.2
- version/ibm engineering systems design rhapsody/7.5.2.1
- version/ibm engineering systems design rhapsody/7.5.3
- version/ibm engineering systems design rhapsody/7.5.3.1
- version/ibm engineering systems design rhapsody/7.5.3.2
- version/ibm engineering systems design rhapsody/7.6