Share

Related Stories

Top 5 Stories

News

IBM warns about high-risk flaws in Rational Rhapsody software development product

04 January 2012

IBM advised about multiple high-risk vulnerabilities in its collaborative software design and development tool Rational Rhapsody that could enable a remote attacker to execute arbitrary code.

In a security bulletin, IBM said that an attacker could compromise the Blueberry FlashBack ActiveX control used in Rational Rhapsody for Windows V7.6 and earlier versions to execute arbitrary code remotely by instantiating the control from the Internet Explorer (IE) browser.

Big Blue explained that for a remote attacker to exploit the vulnerabilities, the following must be accomplished: the user must have Rational Rhapsody installed on the machine; the attacker needs to create malicious code that would exploit the ActiveX control; the user must be persuaded to execute the attachment or follow a web site link that contains the malicious code via the IE browser; and, on Internet Zone, the user must authorize the ActiveX pop-up dialog before it could be used.

The company stressed that the user does not have to use Rational Rhapsody continuously for the vulnerabilities to be exploited. The flaw in ActiveX control can be exploited regardless of use of the product.

IBM said that as of late December it had not received any reports of customer issues related to these security vulnerabilities, which were discovered by Andrea Micalizzi and reported to IBM by the TippingPoint Zero Day Initiative.

This article is featured in:
Application Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×