CVE-2013-6724 : Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote att

Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value.

Published 2014-02-01 15:55:04

Updated 2017-08-29 01:34:00

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2013-6724

Probability of exploitation activity in the next 30 days: 6.93%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6724

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2013-6724

https://exchange.xforce.ibmcloud.com/vulnerabilities/89279

IBM SPSS SamplePower ActiveX control code execution CVE-2013-6724 Vulnerability Report
http://www-01.ibm.com/support/docview.wss?uid=swg21663250

IBM Security Bulletin: IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability (CVE-2013-6724)
Vendor Advisory

Products affected by CVE-2013-6724

IBM » Spss Samplepower » Version: 3.0.1.0
cpe:2.3:a:ibm:spss_samplepower:3.0.1.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-6724

Exploit prediction scoring system (EPSS) score for CVE-2013-6724

CVSS scores for CVE-2013-6724

References for CVE-2013-6724

Products affected by CVE-2013-6724