You are here

V-061: IBM SPSS Modeler XML Document Parsing Vulnerability

January 3, 2013 - 1:00am

Addthis

PROBLEM:

IBM SPSS Modeler XML Document Parsing Vulnerability

PLATFORM:

Versions 14 through 15.0 of IBM SPSS Modeler running on all supported platforms are affected.

ABSTRACT:

A vulnerability has been reported in IBM SPSS Modeler.

REFERENCE LINKS:

IBM Reference #: 1620758
IBM Reference #: 4034122
Secunia Advisory  SA51715
Security-Database
CVE-2012-5769

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A vulnerability has been reported in IBM SPSS Modeler, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document.

IMPACT:

The victim's system could be made to automatically send the contents of local or remote resource to the attacker's server. It could also be possible to conduct denial of service attacks.

SOLUTION:

This Interim Fix addresses an important product correction for SPSS Modeler 14.x and 15.

Addthis