TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow
High Nessus Plugin ID 24909
Synopsis
The remote Windows host has an ActiveX control that is susceptible to a buffer overflow vulnerability.
Description
The remote Windows host contains an ActiveX control used by Mercury Quality Center, a web-based solution for automatic software testing.
The version of this ActiveX control on the remote host reportedly contains a buffer overflow vulnerability in its 'ProgColor' property.
By setting the property to an overly long value, a remote attacker may be able to leverage this issue to execute arbitrary code on the remote host, subject to the privileges of the current user.
Solution
Either remove the control if Quality Center access is not needed, or apply the appropriate patch referenced in the vendor advisory above to the Quality Control server and then browse the Quality Control server's Site Administration page to update the control on the remote host.