TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow

High Nessus Plugin ID 24909


The remote Windows host has an ActiveX control that is susceptible to a buffer overflow vulnerability.


The remote Windows host contains an ActiveX control used by Mercury Quality Center, a web-based solution for automatic software testing.

The version of this ActiveX control on the remote host reportedly contains a buffer overflow vulnerability in its 'ProgColor' property.
By setting the property to an overly long value, a remote attacker may be able to leverage this issue to execute arbitrary code on the remote host with the privileges of the current user.


Either remove the control if Quality Center access is not needed, or apply the appropriate patch referenced in the vendor advisory to the Quality Center server and then browse to the Quality Center server's Site Administration page to update the control on the remote host.

Plugin Details

Severity: High

ID: 24909

File Name: mercury_qc_activex_progcolor_overflow.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2007/04/03

Modified: 2016/10/27

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/04/02

Vulnerability Publication Date: 2007/04/02

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow)

Reference Information

CVE: CVE-2007-1819

BID: 23239

OSVDB: 34317