-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0497
    Security Vulnerability for ActiveX Control packaged with IBM Cognos
               Disclosure Management Client (CVE-2013-0501)
                                 9 April 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Cognos Disclosure Management
Publisher:         IBM
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0501

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21627070

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure
Management Client (CVE-2013-0501)

Flash (Alert)

Document information

Cognos Disclosure Management
Software version: 10.2
Operating system(s): Windows
Reference #: 1627070
Modified date: 2013-04-05

Abstract

A third party ActiveX control (EdrawSoft) may have been registered in the
Windows registry by the CDM client installation process. This ActiveX control
contains a security vulnerability that could allow unauthorized file access to
the user's machine from malicious web sites.

Content

VULNERABILITY DETAILS:

CVSS:

Using the Common Vulnerability Scoring System (CVSS) v2, the security rating
for this issue is:

CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82345 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

DESCRIPTION:

The EdrawSoft ActiveX control is marked as "safe for scripting", meaning that
once installed on a client machine, it can be instantiated and controlled by
script on any web page the user visits. Users who visit malicious web sites on
the Internet can have their local files uploaded to those sites, or binary
files forcibly downloaded onto their machines. Newly downloaded binary files
can also be executed from the malicious web page.

AFFECTED PRODUCTS:

IBM Cognos Disclosure Management 10.2.0

REMEDIATION:

The registration of the ActiveX control should be removed from the Windows
registry so that it can no longer be instantiated from outside the product.
This will not affect how the ActiveX control works within the CDM product; it
only removes access from outside the application.

The following registry keys should be removed if they exist:

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}]
[HKEY_CLASSES_ROOT\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}]
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}]
[HKEY_CLASSES_ROOT\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}]
[HKEY_CLASSES_ROOT\EDOFFICE.EDOfficeCtrl.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EF5199D-83D8-43DE-98A9-DA5BC5F17836}]
[HKEY_CLASSES_ROOT\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]
[HKEY_CLASSES_ROOT\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]

It is recommended that the registry keys are backed up prior to making any
changes. Please refer to the instructions below for backing up and deleting a
registry key:

Log in to the machine as a local administrator.
Open the registry editor (regedit at the command line).
Locate and click on the key that is to be removed.
Click on the File menu and select 'Export'.
In the Save In box, select the location to save the file to and an appropriate
file name. Click Save.
Delete the key by right-clicking on the key and selecting 'Delete'.
To restore a key, double-click on the saved .reg file.
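The manual regedit procedure above does not scale across a fleet and gives no record of which keys were actually present. The following PowerShell script is an added example written for this bulletin; it is not IBM's, EdrawSoft's or AusCERT's code. It audits the ten keys listed in the remediation, reports for each CLSID whether the "safe for scripting" component category (CATID_SafeForScripting, {7DD95801-9882-11CF-9FA9-00AA006C42C4}) is statically registered and which DLL InprocServer32 points to, exports every key found with reg.exe to a .reg file (the same restore format the bulletin describes), deletes it only after the export succeeds, and finally checks that the ProgID no longer resolves. The backup directory is an assumption; the key list and ProgID are taken from the bulletin. Run it from an elevated 64-bit PowerShell on 64-bit Windows so that both the native CLSID view and the Wow6432Node view are visible; -WhatIf performs a report-only dry run.

```powershell
# Added example, not part of the IBM or AusCERT bulletin: audit, back up and
# remove the EdrawSoft ActiveX registrations listed in the advisory.
# Run from an elevated (64-bit) PowerShell prompt; -WhatIf reports only.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed backup location (not from the bulletin); adjust to local policy.
    [string]$BackupDir = (Join-Path $env:ProgramData 'CDM-EdrawSoft-ActiveX-Backup')
)

# The keys exactly as listed in the bulletin's REMEDIATION section.
$Keys = @(
    'HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}'
    'HKEY_CLASSES_ROOT\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}'
    'HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}'
    'HKEY_CLASSES_ROOT\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}'
    'HKEY_CLASSES_ROOT\EDOFFICE.EDOfficeCtrl.1'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EF5199D-83D8-43DE-98A9-DA5BC5F17836}'
    'HKEY_CLASSES_ROOT\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}'
    'HKEY_CLASSES_ROOT\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}'
)

# Component category GUID that statically marks a control "safe for scripting"
# (CATID_SafeForScripting). A control can also claim this at runtime through
# IObjectSafety, so a missing category key is not proof that it is safe to keep.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'

# --- 1. Audit: which of the listed keys exist on this machine? ---
$present = foreach ($key in $Keys) {
    $psPath = "Registry::$key"
    if (-not (Test-Path -LiteralPath $psPath)) { continue }
    $note = ''
    if ($key -match '\\CLSID\\') {
        if (Test-Path -LiteralPath "$psPath\Implemented Categories\$SafeForScripting") {
            $note += ' [safe-for-scripting category present]'
        }
        # InprocServer32 names the DLL the control loads from. Deleting the key
        # only unregisters it; the file stays on disk, so record it for tracking.
        $dll = (Get-ItemProperty -LiteralPath "$psPath\InprocServer32" `
                    -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $note += " [InprocServer32: $dll]" }
    }
    Write-Host "Found $key$note"
    $key    # emitted to the pipeline and collected in $present
}

if (-not $present) {
    Write-Host 'None of the listed keys are registered; nothing to remove.'
    return
}

# --- 2. Back up each key with reg.exe, then delete it. Deletion is skipped if
#        the export fails, so a restorable .reg file always exists first. ---
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($key in $present) {
    $file   = Join-Path $BackupDir (($key -replace '[\\{}]', '_') + '.reg')
    $regKey = $key -replace '^HKEY_CLASSES_ROOT', 'HKCR' -replace '^HKEY_LOCAL_MACHINE', 'HKLM'
    if ($PSCmdlet.ShouldProcess($key, "Export to $file and delete")) {
        & reg.exe export $regKey $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg export of $key failed; key not deleted." }
        Remove-Item -LiteralPath "Registry::$key" -Recurse -Force
    }
}

# --- 3. Verify: the ProgID should no longer resolve to a COM class. ---
if (-not $WhatIfPreference) {
    $type = [System.Type]::GetTypeFromProgID('EDOFFICE.EDOfficeCtrl.1')
    if ($null -eq $type) {
        Write-Host 'Verified: EDOFFICE.EDOfficeCtrl.1 no longer resolves.'
    } else {
        Write-Warning 'EDOFFICE.EDOfficeCtrl.1 still resolves; check per-user registrations under HKCU\Software\Classes.'
    }
}
```

Two caveats worth keeping in mind. First, the script covers only the machine-wide keys the bulletin lists; a per-user registration under HKCU\Software\Classes would survive it, which is why the final ProgID check is there. Second, unregistering the control is a mitigation, not a fix: the DLL remains on disk and anything that re-registers it (a reinstall or repair of the CDM client) reintroduces the exposure, so the EdrawSoft update that the bulletin says will ship with later CDM releases is the durable remedy. Where the registration must be kept for some other reason, setting the Internet Explorer kill bit for the two CLSIDs is the usual alternative that blocks browser instantiation without touching the CLSID keys; that option is a general Windows technique and is not part of the IBM guidance.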
This issue has been corrected in an update from EdrawSoft and will be included
in future releases of CDM.

For more assistance, please contact IBM Support.

REFERENCES:

Complete CVSS Guide
On-line Calculator V2
CVE-2013-0501
X-Force Vulnerability Database http://xforce.iss.net/xforce/xfdb/82345

RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

CHANGE HISTORY

5 April 2013: Original Copy Published

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUWOSbO4yVqjM2NGpAQIa/Q//R0vcAOvS7pQiWff3ApGqEUxTL/vuxr7z
c3LTvexuIiSrcS31mhVYD/7qbsycLzpIEfZlZ7Vrg47yVY7Mqn5GiQ/FU5GA3nQm
cD/K5WA0JgCtshY3egRFIY2nnoXp+S/3s43GcI7cwHKbogEUIWyMcmbCPB6dBK6Q
/db6m7vdvVac6YxJY62PCn5LjIDLr/CI2SMRN/guTqudnX/2ARqyCY709ZxODmVv
tI9eKTF+0XoxxBDPtKTGSaBX4f+ysG1tlnzYlaXSrZ9FK8NzujHUh+aXoCA5INwL
qIR0zCnJ/noBH7no/S9vTk6tGn7gRT+WG+SOoxgVJOQ6xNEN9tUIWH9JqJFdlTfM
ZCTHatGegg1cO8E2vNgMo4LW8lGblEO5C/LjS/ukt5wiZEJ2gb9QAVojdbWpnvwf
gEP8mOCr310rFOqi47QYmME1e55ybZEIgQ8NZps+va/MYz8uNKK9IUK/VyfgCTIa
w/x8wxANk67H5qPN76nAfyGaizQ6qDxfKVFh1KVEKz+wltbcEVGWZeNVYqvgwtiK
KrdSm+o2blg7iGDyG8XWfO1X6AJ1RQLUxz7976NIH0DP1gF2Osr6GTnen3QMKhVP
65bmsz2SEY2kq30nGYJu7r3xgQzUxTbL1UdOqAZayXfB0oqqszH7Fq7Aln8FrNzP
5sFNC10hnDc=
=v75j
-----END PGP SIGNATURE-----