CVE-2017-12969

Name of the Vulnerable Software and Affected Versions Avaya IP Office Contact Center versions prior to 10.1.1

Description The issue is related to a buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control. This can be exploited by remote attackers who send a long string to the open method, potentially causing a denial of service due to heap corruption and crash, or allowing the execution of arbitrary code.

Recommendations For versions prior to 10.1.1, update to version 10.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ViewerCtrlLib.ViewerCtrl ActiveX control to minimize the risk of exploitation.