PT-2007-3173 · Mercury · Testdirector+3

Published

2007-04-02

Updated

2017-07-29

CVE-2007-1819

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Mercury Quality Center versions 8.2 SP1 through 9.0 before Patch 12.1 TestDirector versions 8.2 SP1 through 9.0 before Patch 12.1

Description: The issue is a stack-based buffer overflow in the SPIDERLib.Loader ActiveX control. This allows remote attackers to execute arbitrary code via a long ProgColor property.

Recommendations: For Mercury Quality Center versions 8.2 SP1 through 9.0, apply Patch 12.1 to resolve the issue. For TestDirector versions 8.2 SP1 through 9.0, apply Patch 12.1 to resolve the issue. As a temporary workaround, consider restricting access to the Spider90.ocx ActiveX control until a patch is applied.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-1819

Affected Products

Hp Mercury Quality Center

Spiderlib.Loader Activex Control

Spider90.Ocx

Testdirector

PT-2007-3173 · Mercury · Testdirector+3

CVE-2007-1819

Weakness Enumeration

Related Identifiers

Affected Products

References · 14