CVE-2007-1819

HP Mercury Quality Center 9.0 - Stack-Based Buffer Overflow via SPIDERLib.Loader ActiveX ProgColor Property

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1819. PoCs were published by Metasploit and ri0t, including the Metasploit module exploits/windows/browser/hpmqc_progcolor.

AI-analyzed exploit summary: This is a Metasploit module exploiting a stack-based buffer overflow in the HP Mercury Quality Center ActiveX control (Spider90.ocx) via the 'ProgColor' property. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Description

Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16580

This is a Metasploit module exploiting a stack-based buffer overflow in the HP Mercury Quality Center ActiveX control (Spider90.ocx) via the 'ProgColor' property. It delivers a payload through a malicious HTML page with embedded JavaScript to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32 (Spider90.ocx 9.1.0.4353)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit a malicious webpage or be tricked into opening a malicious HTML file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by ri0t · perl · remote · windows
https://www.exploit-db.com/exploits/3661

This exploit targets a buffer overflow vulnerability in Mercury Quality Center's Spider90.ocx ActiveX control via the ProgColor parameter. It uses a combination of JavaScript heap spraying and shellcode execution to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Mercury Quality Center Spider90.ocx (Version 9.1.0.4353)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit HTML file · ActiveX control must be installed and enabled in the browser
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hpmqc_progcolor.rb

This Metasploit module exploits a stack-based buffer overflow in the HP Mercury Quality Center ActiveX control (Spider90.ocx) via the 'ProgColor' property. It delivers a malicious HTML page with JavaScript that triggers the overflow, leading to arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Mercury Quality Center 9.0 before Patch 12.1, 8.2 SP1 before Patch 32
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026

References (10)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1185
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017835
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24692
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/589097
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33353
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23239
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=497

Scores

EPSS 0.3973
EPSS Percentile 98.4%

Details

CWE: CWE-119
Status: published
Products (2)
hp/mercury_quality_center 8.2 sp1
hp/mercury_quality_center 9.0
Published Apr 02, 2007
Tracked Since Feb 18, 2026