PT-2007-3173 · Mercury · Testdirector+3

Publicado

2007-04-02

Atualizado

2017-07-29

CVE-2007-1819

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Mercury Quality Center versions 8.2 SP1 through 9.0 before Patch 12.1 TestDirector versions 8.2 SP1 through 9.0 before Patch 12.1

Description: The issue is a stack-based buffer overflow in the SPIDERLib.Loader ActiveX control. This allows remote attackers to execute arbitrary code via a long ProgColor property.

Recommendations: For Mercury Quality Center versions 8.2 SP1 through 9.0, apply Patch 12.1 to resolve the issue. For TestDirector versions 8.2 SP1 through 9.0, apply Patch 12.1 to resolve the issue. As a temporary workaround, consider restricting access to the Spider90.ocx ActiveX control until a patch is applied.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2007-1819

Produtos afetados

Hp Mercury Quality Center

Spiderlib.Loader Activex Control

Spider90.Ocx

Testdirector

PT-2007-3173 · Mercury · Testdirector+3

CVE-2007-1819

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14