CVE-2007-6530

critical

Description

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

References

http://www.vupen.com/english/advisories/2007/4310

http://www.securitytracker.com/id?1019147

http://secunia.com/advisories/28218

http://secunia.com/advisories/28205

http://secunia.com/advisories/28145

http://osvdb.org/39901

Details

Source: Mitre, NVD

Published: 2007-12-27

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical