Name:
HP.Virtual.Rooms.WebHPVCInstall.Control.Buffer.Ove
Released Date:
Jan 23 2008
Severity:
high
CVE:
2008-0213
Bugtraq:
27384

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates a possible attempt to exploit one of several buffer overflow vulnerabilities in HP Virtual Rooms.

The vulnerabilities are in the "WebHPVCInstall.HPVirtualRooms14" ActiveX control in HPVirtualRooms14.dll. They result from the application's failure to bounds check user supplied input, leading to various buffer overflows. As a result a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.
 
Impact
System Compromise: remote code execution.
 
Affected Products
HP Virtual Rooms hpvirtualrooms14.dll version 1.0.0.100
Aliases
HP.Virtual.Rooms.WebHPVCInstall.Control.Buffer.Overflow
References
http://www.securityfocus.com/bid/27384
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0213
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059837.html
http://secunia.com/advisories/28595/
http://www.milw0rm.com/exploits/4959
Recommended Actions
The vendor has not published a patch at this time.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED