IBM Security Bulletin: InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability (CVE-2016-4560)

Flexera InstallAnywhere, shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center, could allow a local attacker to gain elevated privileges on the system by using a Trojan horse DLL in the current working directory of a setup-launcher.

CVE(s): CVE-2016-4560

Affected product(s) and affected version(s):

IBM Spectrum Control 5.2.8 through 5.2.9 (Windows)
Tivoli Storage Productivity Center 5.2.0 through 5.2.7 (Windows)
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.9 (Windows)
Tivoli Storage Productivity Center 4.2.x (Windows)
Tivoli Storage Productivity Center 4.1.x (Windows)
TotalStorage Productivity Center 3.3.x (Windows)

The versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

AIX and Linux versions of the products are not affected.
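A pre-launch check for the condition described above, as an added example that is not part of the bulletin and is not IBM's or Flexera's remediation: it lists every DLL in the launcher's folder and in the directory the launcher will be started from, then copies the launcher alone into a fresh directory. The function names and sample file names are hypothetical, and running from a clean directory is a general precaution assumed here, not a fix stated in the bulletin.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def find_dlls(directory):
    """Return (name, sha256) for every DLL in `directory`, matched case-insensitively."""
    found = []
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file() and entry.suffix.lower() == ".dll":
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            found.append((entry.name, digest))
    return found


def audit_launch(launcher, working_dir=None):
    """List DLLs in the launcher's own folder and in the directory it is started from."""
    launcher = Path(launcher).resolve()
    dirs = {launcher.parent, Path(working_dir or Path.cwd()).resolve()}
    return {str(d): find_dlls(d) for d in sorted(dirs)}


def stage_launcher(launcher):
    """Copy only the launcher into a newly created, empty directory and return the copy."""
    staging = Path(tempfile.mkdtemp(prefix="clean-setup-"))
    return Path(shutil.copy2(launcher, staging / Path(launcher).name))


if __name__ == "__main__":
    # Constructed sample: a download folder holding a launcher stand-in and a
    # DLL that did not come with it. No real installer or DLL is involved.
    with tempfile.TemporaryDirectory() as downloads:
        launcher = Path(downloads, "setup.exe")
        launcher.write_bytes(b"constructed launcher stand-in")
        Path(downloads, "Example_Planted.DLL").write_bytes(b"constructed DLL stand-in")

        for directory, dlls in audit_launch(launcher, downloads).items():
            for name, digest in dlls:
                print("review before running:", Path(directory, name), "sha256=" + digest)

        staged = stage_launcher(launcher)
        print("staged copy:", staged, "| DLLs beside it:", find_dlls(staged.parent))
        shutil.rmtree(staged.parent)
```

Any DLL reported beside a single-file launcher should be accounted for before the launcher is run with elevated rights.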

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28KX84Z
X-Force Database: http://ift.tt/1Vw3dW4



from IBM Product Security Incident Response Team http://ift.tt/28KX9pD