Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0437

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-0437
Last Modified 07 Mar 2011 10:04:43
Published 23 Jan 2008 05:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0437

Summary

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Hp Virtual Rooms 1.0.0.100

  • Microsoft Activex


References

VUPEN - ADV-2008-0236

BID - 27384

SECUNIA - 28595

FULLDISC - 20080122 HP Virtual Rooms WebHPVCInstall Control Multiple Buffer Overflows

XF - hpvirtualrooms-hpvirtualrooms14-activex-bo(39836)

MILW0RM - 4959


Last Updated: 27 May 2016 10:46:48