CVE-2008-4827
ComponentOne SizerOne 8.0.20081.140 - Remote Code Execution via Tab Caption Overflow
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
References (15)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499830/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0037
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0036
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2008-54/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47770
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2008-53/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33148
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47771
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32648
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2008-52/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1021529
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32609
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4879
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32672
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47769
Scores
EPSS
0.2054
EPSS Percentile
95.7%
Details
CWE
CWE-119
Status
published
Products (5)
componentone/sizerone
8.0.20081.140
sap/sap_gui
6.40
sap/sap_gui
7.10
sap/tabone
7.0.0.16
servantix/tsc2_help_desk
4.18
Published
Jan 08, 2009
Tracked Since
Feb 18, 2026