CVE-2012-1241

EUVD-2012-1267
GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
artonx.orgactivescriptruby
𝑥
≤ 1.0.8.8
artonx.orgactivescriptruby
1.6.0.1
artonx.orgactivescriptruby
1.6.0.2
artonx.orgactivescriptruby
1.6.0.3
artonx.orgactivescriptruby
1.6.0.5
artonx.orgactivescriptruby
1.6.2.0
artonx.orgactivescriptruby
1.6.2.1
artonx.orgactivescriptruby
1.6.2.2
artonx.orgactivescriptruby
1.6.2.3
artonx.orgactivescriptruby
1.6.2.4
artonx.orgactivescriptruby
1.6.2.5
artonx.orgactivescriptruby
1.6.2.6
artonx.orgactivescriptruby
1.6.2.7
artonx.orgactivescriptruby
1.6.2.8
artonx.orgactivescriptruby
1.6.2.9
artonx.orgactivescriptruby
1.6.2.10
artonx.orgactivescriptruby
1.6.3.0
artonx.orgactivescriptruby
1.6.3.1
artonx.orgactivescriptruby
1.6.3.2
artonx.orgactivescriptruby
1.6.3.3
artonx.orgactivescriptruby
1.6.3.4
artonx.orgactivescriptruby
1.6.3.5
artonx.orgactivescriptruby
1.6.4.0
artonx.orgactivescriptruby
1.6.4.1
artonx.orgactivescriptruby
1.6.4.2
artonx.orgactivescriptruby
1.6.4.3
artonx.orgactivescriptruby
1.6.4.4
artonx.orgactivescriptruby
1.6.4.6
artonx.orgactivescriptruby
1.6.4.7
artonx.orgactivescriptruby
1.6.4.8
artonx.orgactivescriptruby
1.6.5.0
artonx.orgactivescriptruby
1.6.5.1
artonx.orgactivescriptruby
1.6.5.2
artonx.orgactivescriptruby
1.6.5.3
artonx.orgactivescriptruby
1.6.5.4
artonx.orgactivescriptruby
1.6.5.5
artonx.orgactivescriptruby
1.6.5.6
artonx.orgactivescriptruby
1.6.5.7
artonx.orgactivescriptruby
1.6.6.0
artonx.orgactivescriptruby
1.6.6.1
artonx.orgactivescriptruby
1.6.7.0
artonx.orgactivescriptruby
1.6.7.1
artonx.orgactivescriptruby
1.6.7.2
artonx.orgactivescriptruby
1.6.7.3
artonx.orgactivescriptruby
1.6.7.4
artonx.orgactivescriptruby
1.6.7.5
artonx.orgactivescriptruby
1.6.7.6
artonx.orgactivescriptruby
1.6.8.0
artonx.orgactivescriptruby
1.6.8.1
artonx.orgactivescriptruby
1.6.8.3
artonx.orgactivescriptruby
1.8.0.0
artonx.orgactivescriptruby
1.8.0.5
artonx.orgactivescriptruby
1.8.1.0
artonx.orgactivescriptruby
1.8.1.1
artonx.orgactivescriptruby
1.8.1.2
artonx.orgactivescriptruby
1.8.2.0
artonx.orgactivescriptruby
1.8.4.0
artonx.orgactivescriptruby
1.8.5.0
artonx.orgactivescriptruby
1.8.5.2
artonx.orgactivescriptruby
1.8.7.34
artonx.orgactivescriptruby
1.8.7.35
artonx.orgactivescriptruby
1.8.7.36
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170
http://jvn.jp/en/jp/JVN33283707/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031
http://secunia.com/advisories/48811
http://www.securityfocus.com/bid/53011
https://exchange.xforce.ibmcloud.com/vulnerabilities/74866
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170
http://jvn.jp/en/jp/JVN33283707/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031
http://secunia.com/advisories/48811
http://www.securityfocus.com/bid/53011
https://exchange.xforce.ibmcloud.com/vulnerabilities/74866