Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501)

Flash (Alert)


Abstract

A third-party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites.

Content

VULNERABILITY DETAILS:

CVSS:
Using the Common Vulnerability Scoring System (CVSS) v2, the security ratings for these issues are:

CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82345 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


DESCRIPTION:
The EdrawSoft ActiveX control is marked as “safe for scripting”, meaning that once installed on a client machine, it can be controlled from web pages. Users that visit malicious web sites on the Internet can have their local files uploaded to these websites or binary files forcefully downloaded onto their machines. Newly downloaded binary files can also be executed from the malicious web page.


AFFECTED PRODUCTS:
IBM Cognos Disclosure Management 10.2.0


REMEDIATION:
The registration of the ActiveX control should be removed from the Windows registry to prevent any security vulnerabilities. This will not affect how the ActiveX control works within the CDM product; it will just remove access from outside the application.

The following registry keys should be removed if they exist:

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}]

[HKEY_CLASSES_ROOT\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}]

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}]

[HKEY_CLASSES_ROOT\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}]

[HKEY_CLASSES_ROOT\EDOFFICE.EDOfficeCtrl.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EF5199D-83D8-43DE-98A9-DA5BC5F17836}]

[HKEY_CLASSES_ROOT\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]

[HKEY_CLASSES_ROOT\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}]


It is recommended that the registry keys are backed up prior to making any changes.

Please refer to the instructions below for backing up and deleting a registry key:

  1. Log in to the machine as a local administrator.
  2. Open the registry editor (regedit at command line).
  3. Locate and click on the key that is to be removed.
  4. Click on the File menu and select 'Export'.
  5. In the Save In box, please select the location to save the file to and an appropriate file name. Click save.
  6. Delete the key by right clicking on the key and selecting 'Delete'.
  7. To restore a key, double click on the saved .reg file.
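
The backup-and-delete procedure above can be applied to all of the listed keys in one pass. The following PowerShell script is an added example, not IBM-supplied tooling; the `$BackupDir` location and the `-Remove` switch are assumptions of this example. Without `-Remove` it only reports which keys are present.

```powershell
# Added example: audit, back up and optionally remove the registry keys listed in this bulletin.
# Run from an elevated 64-bit PowerShell session so the Wow6432Node paths are not redirected.
param(
    [string]$BackupDir = "$env:USERPROFILE\cdm-edraw-backup",  # assumed backup location
    [switch]$Remove                                            # assumed switch: report only if omitted
)

# Keys copied from the remediation list in this bulletin.
$keys = @(
    'HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}',
    'HKEY_CLASSES_ROOT\CLSID\{7677E74E-5831-4C9E-A2DD-9B1EF9DF2DB4}',
    'HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}',
    'HKEY_CLASSES_ROOT\CLSID\{4059A851-1706-46D5-A0AF-FD9AE0A43E70}',
    'HKEY_CLASSES_ROOT\EDOFFICE.EDOfficeCtrl.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EF5199D-83D8-43DE-98A9-DA5BC5F17836}',
    'HKEY_CLASSES_ROOT\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}',
    'HKEY_CLASSES_ROOT\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08FDACA2-7D6F-4F01-9318-32CFB9B39E66}'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$i = 0
foreach ($key in $keys) {
    $i++
    $psPath = "Registry::$key"
    # HKEY_CLASSES_ROOT is a merged view that includes HKLM\SOFTWARE\Classes, so a key
    # removed through one path can show as absent when its other path is reached.
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "absent   $key"
        continue
    }
    Write-Output "PRESENT  $key"
    if (-not $Remove) { continue }

    # Export first (same result as File > Export in regedit); keep the key if the export fails.
    $backup = Join-Path $BackupDir ("key{0:D2}.reg" -f $i)
    & reg.exe export $key $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        Write-Warning "Export failed, key left in place: $key"
        continue
    }
    Remove-Item -LiteralPath $psPath -Recurse -Force
    Write-Output "removed  $key (backup: $backup)"
}
```

Running the script again after removal should report every key as absent; a key can be restored by importing its saved .reg file, as in step 7.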

This issue has been corrected in an update from EdrawSoft and will be included in future releases of CDM.

For more assistance, please contact IBM Support.


REFERENCES:

RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog



CHANGE HISTORY
5 April 2013: Original Copy Published


Document information

More support for: Cognos Disclosure Management
Software version: 10.2
Operating system(s): Windows
Reference #: 1627070
Modified date: 2013-04-05
