Vendor: Cognos Express
By: Unknown, juan vazquez
CVSS: 7.5 (HIGH)
Vulnerability Type: Stack Buffer Overflow
CWE: 119
Product Name: Cognos Express
Affected Version From: IBM Cognos Express 9.5
Affected Version To: IBM Cognos Express 9.5
Patch Exists: YES
Related CVE: CVE-2012-0202
CPE: a:ibm:cognos_express:9.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
Year: 2012

IBM Cognos tm1admsd.exe Overflow

This module exploits a stack buffer overflow in the IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, which copies user-controlled data to the stack via memcpy without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 on Windows XP SP3.

Mitigation:

IBM Cognos Express 9.5 Fix Pack 1 (9.5.10009.10070) and later contain a fix for this vulnerability.