Intrusion Prevention

IBM.SPSS.Statistics.ActiveX.Control.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in IBM SPSS Statistics.
The vulnerability, which is located in an ActiveX control, can be exploited through a vulnerable method. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary code within the context of the users' browser.

Affected Products

IBM SPSS Statistics 19 before 20.0.0.2-IF0008
IBM SPSS Statistics 20 before 20.0.0.2-IF0008
IBM SPSS Statistics 21 before 21.0.0.2-IF0010
IBM SPSS Statistics 22 before 22.0.0.2-IF0011
IBM SPSS Statistics 23 before 23.0.0.3-IF0001
IBM SPSS Statistics 24 before 24.0.0.0-IF0003

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor
http://www-01.ibm.com/support/docview.wss?uid=swg21982035

CVE References

CVE-2015-8530