CVE-2012-1241

Description

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.

Affected products

• artonx.org / activescriptruby1.0.8.8
• artonx.org / activescriptruby1.6.0.1 – 1.6.0.1
• artonx.org / activescriptruby1.6.0.2 – 1.6.0.2
• artonx.org / activescriptruby1.6.0.3 – 1.6.0.3
• artonx.org / activescriptruby1.6.0.5 – 1.6.0.5
• artonx.org / activescriptruby1.6.2.0 – 1.6.2.0
• artonx.org / activescriptruby1.6.2.1 – 1.6.2.1
• artonx.org / activescriptruby1.6.2.2 – 1.6.2.2
• artonx.org / activescriptruby1.6.2.3 – 1.6.2.3
• artonx.org / activescriptruby1.6.2.4 – 1.6.2.4
• artonx.org / activescriptruby1.6.2.5 – 1.6.2.5
• artonx.org / activescriptruby1.6.2.6 – 1.6.2.6
• artonx.org / activescriptruby1.6.2.7 – 1.6.2.7
• artonx.org / activescriptruby1.6.2.8 – 1.6.2.8
• artonx.org / activescriptruby1.6.2.9 – 1.6.2.9
• artonx.org / activescriptruby1.6.2.10 – 1.6.2.10
• artonx.org / activescriptruby1.6.3.0 – 1.6.3.0
• artonx.org / activescriptruby1.6.3.1 – 1.6.3.1
• artonx.org / activescriptruby1.6.3.2 – 1.6.3.2
• artonx.org / activescriptruby1.6.3.3 – 1.6.3.3
• artonx.org / activescriptruby1.6.3.4 – 1.6.3.4
• artonx.org / activescriptruby1.6.3.5 – 1.6.3.5
• artonx.org / activescriptruby1.6.4.0 – 1.6.4.0
• artonx.org / activescriptruby1.6.4.1 – 1.6.4.1
• artonx.org / activescriptruby1.6.4.2 – 1.6.4.2
• artonx.org / activescriptruby1.6.4.3 – 1.6.4.3
• artonx.org / activescriptruby1.6.4.4 – 1.6.4.4
• artonx.org / activescriptruby1.6.4.6 – 1.6.4.6
• artonx.org / activescriptruby1.6.4.7 – 1.6.4.7
• artonx.org / activescriptruby1.6.4.8 – 1.6.4.8
• artonx.org / activescriptruby1.6.5.0 – 1.6.5.0
• artonx.org / activescriptruby1.6.5.1 – 1.6.5.1
• artonx.org / activescriptruby1.6.5.2 – 1.6.5.2
• artonx.org / activescriptruby1.6.5.3 – 1.6.5.3
• artonx.org / activescriptruby1.6.5.4 – 1.6.5.4
• artonx.org / activescriptruby1.6.5.5 – 1.6.5.5
• artonx.org / activescriptruby1.6.5.6 – 1.6.5.6
• artonx.org / activescriptruby1.6.5.7 – 1.6.5.7
• artonx.org / activescriptruby1.6.6.0 – 1.6.6.0
• artonx.org / activescriptruby1.6.6.1 – 1.6.6.1
• artonx.org / activescriptruby1.6.7.0 – 1.6.7.0
• artonx.org / activescriptruby1.6.7.1 – 1.6.7.1
• artonx.org / activescriptruby1.6.7.2 – 1.6.7.2
• artonx.org / activescriptruby1.6.7.3 – 1.6.7.3
• artonx.org / activescriptruby1.6.7.4 – 1.6.7.4
• artonx.org / activescriptruby1.6.7.5 – 1.6.7.5
• artonx.org / activescriptruby1.6.7.6 – 1.6.7.6
• artonx.org / activescriptruby1.6.8.0 – 1.6.8.0
• artonx.org / activescriptruby1.6.8.1 – 1.6.8.1
• artonx.org / activescriptruby1.6.8.3 – 1.6.8.3
• artonx.org / activescriptruby1.8.0.0 – 1.8.0.0
• artonx.org / activescriptruby1.8.0.5 – 1.8.0.5
• artonx.org / activescriptruby1.8.1.0 – 1.8.1.0
• artonx.org / activescriptruby1.8.1.1 – 1.8.1.1
• artonx.org / activescriptruby1.8.1.2 – 1.8.1.2
• artonx.org / activescriptruby1.8.2.0 – 1.8.2.0
• artonx.org / activescriptruby1.8.4.0 – 1.8.4.0
• artonx.org / activescriptruby1.8.5.0 – 1.8.5.0
• artonx.org / activescriptruby1.8.5.2 – 1.8.5.2
• artonx.org / activescriptruby1.8.7.34 – 1.8.7.34
• artonx.org / activescriptruby1.8.7.35 – 1.8.7.35
• artonx.org / activescriptruby1.8.7.36 – 1.8.7.36

References

• MISChttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000031
• MISChttp://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170
• MISChttp://www.securityfocus.com/bid/53011
• VENDOR_ADVISORYhttp://secunia.com/advisories/48811
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/74866
• MISChttp://jvn.jp/en/jp/JVN33283707/index.html