Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

IBM warns about high-risk flaws in Rational Rhapsody software development product

In a security bulletin, IBM said that an attacker could compromise the Blueberry FlashBack ActiveX control used in Rational Rhapsody for Windows V7.6 and earlier versions to execute arbitrary code remotely by instantiating the control from the Internet Explorer (IE) browser.

Big Blue explained that for a remote attacker to exploit the vulnerabilities, the following must be accomplished: the user must have Rational Rhapsody installed on the machine; the attacker needs to create malicious code that would exploit the ActiveX control; the user must be persuaded to execute the attachment or follow a web site link that contains the malicious code via the IE browser; and, on Internet Zone, the user must authorize the ActiveX pop-up dialog before it could be used.

The company stressed that the user does not have to use Rational Rhapsody continuously for the vulnerabilities to be exploited. The flaw in ActiveX control can be exploited regardless of use of the product.

IBM said that as of late December it had not received any reports of customer issues related to these security vulnerabilities, which were discovered by Andrea Micalizzi and reported to IBM by the TippingPoint Zero Day Initiative.