Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4827

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4827
Last Modified 07 Mar 2011 10:13:22
Published 08 Jan 2009 02:30:11
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4827

Summary

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

Vulnerable Systems

Application

  • Componentone Sizerone 8.0.20081.140

  • Sap Gui 6.40

  • Sap Gui 7.10

  • Sap Tabone 7.0.0.16

  • Servantix Tsc2 Help Desk 4.18


References

XF - sizerone-tab-bo(47771)

XF - sapgui-tabone-bo(47770)

XF - tsc2-ctab-bo(47769)

VUPEN - ADV-2009-0037

VUPEN - ADV-2009-0036

BID - 33148

BUGTRAQ - 20090107 Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow

SECTRACK - 1021529

SREASON - 4879

MISC - http://secunia.com/secunia_research/2008-54/

MISC - http://secunia.com/secunia_research/2008-53/

MISC - http://secunia.com/secunia_research/2008-52/

SECUNIA - 32672

SECUNIA - 32648

SECUNIA - 32609


Last Updated: 27 May 2016 10:48:38