HP Virtual Rooms Client < 7.0.1 ActiveX Control Dangerous Methods

High Nessus Plugin ID 35804


The remote Windows host has an ActiveX control that fails to restrict access to dangerous methods.


The HP Virtual Rooms client is installed on the remote system. An ActiveX control included with the client, provided by a file with a name such as 'HPVirtualRooms32.dll', contains several dangerous methods. By tricking a user into viewing a specially crafted HTML document, an attacker may be able to use these methods to execute arbitrary code on the remote system, subject to the user's privileges.


Upgrade to HP Virtual Rooms client version 7.0.1.


Plugin Details

Severity: High

ID: 35804

File Name: hp_virtualroomsclient_701_code_exec.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2009/03/09

Modified: 2016/10/27

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:virtual_rooms

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/02/26

Reference Information

CVE: CVE-2009-0208

BID: 33918

OSVDB: 52830

CERT: 461321

CWE: 94