CVE-2007-5289

Name of the Vulnerable Software and Affected Versions HP Mercury Quality Center (QC) versions 9.2 and earlier

Description The issue allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API. This is achieved by modifying certain files, such as common.tds, defects.tds, manrun.tds, req.tds, testlab.tds, or testplan.tds, in the %tmp%TD 80 directory, and then setting the file's properties to read-only.

Recommendations For HP Mercury Quality Center (QC) versions 9.2 and earlier, consider restricting access to the Open Test Architecture (OTA) API until a patch is available. As a temporary workaround, avoid using the OTA API for critical operations and limit user capabilities to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.