CVE-2008-0437

Name of the Vulnerable Software and Affected Versions HP Virtual Rooms version 1.0.0.100

Description The issue is related to multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control, which is part of the HP Virtual Rooms installation process. This can be exploited by remote attackers to execute arbitrary code via long values of the AuthenticationURL, PortalAPIURL, or cabroot properties.

Recommendations For version 1.0.0.100, as a temporary workaround, consider restricting the length of the AuthenticationURL, PortalAPIURL, and cabroot property values to prevent buffer overflows until a patch is available.