Vulnerability Description
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Virtual Rooms | 1.0.0.100 |
| Microsoft | Activex | All versions |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=120098751528333&w=2
- http://secunia.com/advisories/28595Vendor Advisory
- http://www.securityfocus.com/bid/27384
- http://www.vupen.com/english/advisories/2008/0236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39836
- https://www.exploit-db.com/exploits/4959
- http://marc.info/?l=full-disclosure&m=120098751528333&w=2
- http://secunia.com/advisories/28595Vendor Advisory
- http://www.securityfocus.com/bid/27384
- http://www.vupen.com/english/advisories/2008/0236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39836
- https://www.exploit-db.com/exploits/4959
FAQ
What is CVE-2008-0437?
CVE-2008-0437 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to ...
How severe is CVE-2008-0437?
CVE-2008-0437 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0437?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Virtual Rooms, Microsoft Activex.