CVE-2008-0437

HP Virtual Rooms - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4959

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39836

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27384

[Vendor Advisory] http://secunia.com/advisories/28595

[Mailing List] http://marc.info/?l=full-disclosure&m=120098751528333&w=2

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4959

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0236

Scores

EPSS 0.3249

EPSS Percentile 96.9%

Details

CWE

CWE-119

Status published

Products (2)

hp/virtual_rooms 1.0.0.100

microsoft/activex

Published Jan 23, 2008

Tracked Since Feb 18, 2026