Test ID:	1.3.6.1.4.1.25623.1.0.802600
Category:	General
Title:	IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities - Windows
Summary:	IBM SPSS SamplePower is prone to a buffer overflow vulnerability.
Description:	Summary: IBM SPSS SamplePower is prone to a buffer overflow vulnerability. Vulnerability Insight: Multiple flaws are due to unspecified errors in the VsVIEW6 ActiveX Control (VsVIEW6.ocx) when handling the 'SaveDoc()' and 'PrintFile()' methods. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions. Affected Software/OS: IBM SPSS SamplePower version 3.0 Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to disable the use of the vulnerable ActiveX control within Internet Explorer or Set the killbit for the following CLSID {6E84D662-9599-11D2-9367-20CC03C10627}. For more info please see the referenced microsoft KB link. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0189 http://secunia.com/advisories/47605 XForce ISS Database: spss-vsview6-activex-code-execution(72119) https://exchange.xforce.ibmcloud.com/vulnerabilities/72119
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.