PROBLEM:
IBM SPSS Modeler XML Document Parsing Vulnerability
PLATFORM:
Versions 14 through 15.0 of IBM SPSS Modeler running on all supported platforms are affected.
ABSTRACT:
A vulnerability has been reported in IBM SPSS Modeler.
REFERENCE LINKS:
IBM Reference #: 1620758
IBM Reference #: 4034122
Secunia Advisory SA51715
Security-Database
CVE-2012-5769
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A vulnerability has been reported in IBM SPSS Modeler, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
The vulnerability is caused by an error in the handling of certain XML documents and can be exploited via a specially crafted document.
IMPACT:
The victim's system could be made to automatically send the contents of a local or remote resource to the attacker's server. It may also be possible to conduct denial of service attacks.
SOLUTION:
The Interim Fix provides an important product correction for SPSS Modeler 14.x and 15.