Vulnerability Details CVE-2008-0437
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.325
EPSS Ranking 96.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://marc.info/?l=full-disclosure&m=120098751528333&w=2
- http://secunia.com/advisories/28595
- http://www.securityfocus.com/bid/27384
- http://www.vupen.com/english/advisories/2008/0236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39836
- https://www.exploit-db.com/exploits/4959
- http://marc.info/?l=full-disclosure&m=120098751528333&w=2
- http://secunia.com/advisories/28595
- http://www.securityfocus.com/bid/27384
- http://www.vupen.com/english/advisories/2008/0236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39836
- https://www.exploit-db.com/exploits/4959
Products affected by CVE-2008-0437
-
cpe:2.3:a:hp:virtual_rooms:1.0.0.100
-
cpe:2.3:a:microsoft:activex:-
-
cpe:2.3:a:microsoft:activex:5.0.0.112
-
cpe:2.3:a:microsoft:activex:5.0.0.117