CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.2%
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | mercury_quality_center | 8.2 | cpe:2.3:a:hp:mercury_quality_center:8.2:sp1:*:*:*:*:*:* |
hp | mercury_quality_center | 9.0 | cpe:2.3:a:hp:mercury_quality_center:9.0:*:*:*:*:*:*:* |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00901872
labs.idefense.com/intelligence/vulnerabilities/display.php?id=497
secunia.com/advisories/24692
securitytracker.com/id?1017835
webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument
webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/cf109e434c7765eac22572a4006c6e94?OpenDocument
www.kb.cert.org/vuls/id/589097
www.securityfocus.com/bid/23239
www.vupen.com/english/advisories/2007/1185
exchange.xforce.ibmcloud.com/vulnerabilities/33353