CVE-2011-1391

critical

Description

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/71803

http://www-01.ibm.com/support/docview.wss?uid=swg21576352

http://secunia.com/advisories/47310

http://secunia.com/advisories/47286

Details

Source: Mitre, NVD

Published: 2011-12-23

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical