CVE-2008-0437

critical

Description

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.

References

https://www.exploit-db.com/exploits/4959

https://exchange.xforce.ibmcloud.com/vulnerabilities/39836

http://www.vupen.com/english/advisories/2008/0236

http://www.securityfocus.com/bid/27384

http://secunia.com/advisories/28595

http://marc.info/?l=full-disclosure&m=120098751528333&w=2

Details

Source: Mitre, NVD

Published: 2008-01-23

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical