Fortinet Discovers IBM SPSS Statistics ActiveX Control Arbitrary Code Execution Vulnerability
Fortinet's FortiGuard Labs has discovered an arbitrary code execution vulnerability in IBM SPSS Statistics ActiveX control.
IBM SPSS Statistics is an integrated family of products that addresses the entire analytical process, from planning to data collection to analysis, reporting and deployment. SPSS Statistics is loaded with powerful analytic techniques and time-saving features to help you quickly and easily find new insights in your data, so you can make more accurate predictions and achieve better outcomes for your organization.
The vulnerability exists due to insufficient sanitizing of the parameter value passed to the function 'LongAsObject'. This could allow an attacker to pass a malicious parameter value to the ActiveX control, resulting in arbitrary code execution on the victim's system.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Apr 29, 2015
Users should apply the solution provided by IBM.
Since the ActiveX control is not marked as "safe for scripting", the vulnerability should be difficult to exploit remotely.
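The "safe for scripting" status mentioned above is something an administrator can verify locally, and the standard mitigation for a vulnerable control is the Internet Explorer kill bit. The following PowerShell script is an added example, not part of the Fortinet advisory or of IBM's product: it audits a control's registered safety categories and optionally sets the kill bit. The advisory does not publish the control's CLSID, so the `$Clsid` value is a placeholder that must be supplied from the affected installation.

```powershell
# Added example (not from the Fortinet advisory or IBM): audit whether an
# ActiveX control is registered as "safe for scripting"/"safe for
# initializing" and, on request, set the Internet Explorer kill bit for it.
# The CLSID is a placeholder; look it up on the affected system.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')]
    [string]$Clsid,          # e.g. '{00000000-0000-0000-0000-000000000000}' (placeholder)
    [switch]$SetKillBit      # apply the kill bit; needs an elevated shell
)

# Microsoft-defined component categories for ActiveX controls.
$CatSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'

# 32-bit controls on a 64-bit Windows register under Wow6432Node, so check both views.
$clsidKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
    "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid"
) | Where-Object { Test-Path $_ }

if (-not $clsidKeys) {
    Write-Warning "CLSID $Clsid is not registered on this machine."
    return
}

foreach ($key in $clsidKeys) {
    $progId = (Get-ItemProperty -Path "$key\ProgID" -ErrorAction SilentlyContinue).'(default)'
    $server = (Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

    # A control can declare safety either through these registry categories or
    # at run time via the IObjectSafety interface; this audit covers only the
    # registry half, so "False" here is not a complete guarantee.
    [pscustomobject]@{
        RegistryView         = $key
        ProgId               = $progId
        Server               = $server
        SafeForScripting     = Test-Path "$key\Implemented Categories\$CatSafeForScripting"
        SafeForInitializing  = Test-Path "$key\Implemented Categories\$CatSafeForInitializing"
    }
}

if ($SetKillBit) {
    # Compatibility Flags = 0x400 tells Internet Explorer never to instantiate
    # this CLSID (Microsoft KB 240797). Write both the native and the Wow6432Node
    # locations so 32-bit and 64-bit browser processes are covered.
    $compatKeys = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($compatKey in $compatKeys) {
        New-Item -Path $compatKey -Force | Out-Null
        Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -Value 0x400 -Type DWord
        Write-Output "Kill bit set at $compatKey"
    }
}
```

Run the script with only `-Clsid` first to see the control's current safety registration; the kill bit is a browser-side block and does not remove the vulnerable code from the product, so applying IBM's fix remains the actual remediation.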
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.