PT-2009-1251 · Componentone+2 · Componentone Sizerone+3

Published: 2009-01-08 · Updated: 2018-10-11 · CVE-2008-4827

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ComponentOne SizerOne version 8.0.20081.140
ComponentOne Studio for ActiveX version 2008
TSC2 Help Desk version 4.1.8
SAP GUI versions 6.40 Patch 29 and 7.10

Description

The issue is related to multiple heap-based buffer overflows in certain ActiveX controls. This can be exploited by remote attackers to execute arbitrary code, for example, by adding many tabs or tabs with long captions to the affected controls.

Recommendations

For ComponentOne SizerOne version 8.0.20081.140, update to a version that fixes the AddTab method issue in the Tab and CTab ActiveX controls.
For ComponentOne Studio for ActiveX version 2008, ensure the c1sizer.ocx file is updated to prevent exploitation of the vulnerable ActiveX controls.
For TSC2 Help Desk version 4.1.8, restrict access to the affected ActiveX controls until a patch is available.
For SAP GUI versions 6.40 Patch 29 and 7.10, apply the necessary patches or updates to fix the issue in the TabOne ActiveX control.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-4827

Affected Products

ComponentOne SizerOne
ComponentOne Studio for ActiveX
SAP GUI
TSC2 Help Desk