The bug, patched recently by IBM, exists because an ActiveX control parameter is insufficiently sanitized, and it can be exploited by passing malicious code through the problematic parameter. The vulnerability has been assigned the CVE identifier CVE-2015-0140 and a CVSS score of 4.1.

PATCHED SPSS V20 For 32 Bit

The flaw affects SPSS 22 on Windows 32-bit installations. IBM patched the vulnerability with the release of SPSS Statistics 22.0 Fix Pack 1 and the SPSS Statistics 22.0 FP1 IF022 interim fix. The company advises users to install the fix pack and then the interim fix.

The available extras, found in the installation guide, are[all, performance, computation, timezone, fss, aws, gcp, excel, parquet, feather, hdf5, spss, postgresql, mysql,sql-other, html, xml, plot, output_formatting, clipboard, compression, test] (GH39164). 2ff7e9595c