HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
BID:23239
Info
HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 23239 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1819 CVE-2008-1474 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2007 12:00AM |
| Updated: | Jun 07 2008 03:22AM |
| Credit: | Will Dormann of CERT/CC, Eric Detoisien and Titon& Ri0tare are credited with discovering this issue. |
| Vulnerable: |
HP Mercury Quality Center 9.0 HP Mercury Quality Center 8.2.SP1 Gentoo www-apps/roundup 1.4.4 |
| Not Vulnerable: | |
Discussion
HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
HP Mercury Quality Center ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
HP Mercury Quality Center 8.2 SP1 and 9.0 are vulnerable to this issue.
HP Mercury Quality Center ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
HP Mercury Quality Center 8.2 SP1 and 9.0 are vulnerable to this issue.
Exploit / POC
HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
Sample exploit code has been provided:
Sample exploit code has been provided:
Solution / Fix
HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
HP Mercury Quality Center 8.2.SP1
HP Mercury Quality Center 9.0
Solution:
The vendor has released updates. Please see the references for more information.
HP Mercury Quality Center 8.2.SP1
-
HP Mercury Quality Center 8.2 Sp1 Patch 32
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bb ae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument
HP Mercury Quality Center 9.0
-
HP Mercury Quality Center 9.0 Patch 12.1
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bb ae2/cf109e434c77 65eac22572a4006c6e94?OpenDocument
References
HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow (iDefense Labs)
- HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthoriz (HP)
- Mercury Quality Center Homepage (HP)
- iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center Act (iDefense Labs)
- Vulnerability Note VU#589097 HP Mercury Interactive Quality Center Spider Module (US-CERT)