Vigil@nce: IBM SPSS Data Collection Developer Library Help System, two vulnerabilities
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit two vulnerabilities in the IBM SPSS Data
Collection Developer Library Help System to redirect the victim
or to trigger a Cross-Site Scripting.
– Severity: 2/4
– Creation date: 11/06/2012
IMPACTED PRODUCTS
– IBM SPSS Data Collection
DESCRIPTION OF THE VULNERABILITY
The IBM SPSS Data Collection product uses help files, which are
displayed through the IBM Eclipse Help System viewer. However,
this viewer contains two vulnerabilities.
An attacker can invite the victim to click on a link to the SPSS
web site, in order to redirect the victim to a malicious web site.
[severity:2/4; CVE-2012-2159]
An attacker can trigger a Cross-Site Scripting, in order to
execute JavaScript code in the context of the SPSS site.
[severity:2/4; CVE-2012-2161]
An attacker can therefore exploit two vulnerabilities in the IBM SPSS
Data Collection Developer Library Help System to redirect the victim
or to trigger a Cross-Site Scripting.