CVE-2008-0437

Properties

Published:
22.01.2008
Updated:
25.01.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
Microsoft: ActiveX

Vulnerability description

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value.  NOTE: some of these details are obtained from third party information.

References:

FULLDISC: http://marc.info/?l=full-disclosure&m=120098751528333&w=2
BID: http://www.securityfocus.com/bid/27384
FRSIRT: http://www.frsirt.com/english/advisories/2008/0236
SECUNIA: http://secunia.com/advisories/28595