IBM SPSS SamplePower 3.0 < 3.0 FP 1 Multiple ActiveX Controls Arbitrary Code Execution

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has multiple ActiveX controls with code execution

Description :

The remote install of IBM SPSS SamplePower has a vulnerable version of
one or more ActiveX controls installed. 'Vsflex8l.ocx', 'c1sizer.ocx',
'vsflex7l .ocx', and 'olch2x32.ocx' ActiveX controls have unspecified
arbitrary code execution vulnerabilities, which can be exploited by
tricking a user into opening a specially crafted web page.

See also :

Solution :

Upgrade to IBM SPSS SamplePower 3.0 FP 1 or higher.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66473 ()

Bugtraq ID: 59527

CVE ID: CVE-2012-5945

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now