‫ HP Application Lifecycle Management XGO.ocx Two Vulnerabilities

IRCAD2012082160
ID: IRCAD2012082160                          
Release Date: 2012-08-30
Criticality level: Highly critical
Software:
HP Application Lifecycle Management 11.x
Description:
Two vulnerabilities have been reported in HP Application Lifecycle Management, which can be exploited by malicious people to compromise a user's system.
1) A type confusion error in the "SetShapeNodeType()" method within the XGO.ocx ActiveX control can be exploited to access user-specified data as an object.
2) The unsafe "CopyToFile()" method within the XGO.ocx ActiveX control allows creating and overwriting arbitrary files.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Solution
Set the kill-bit for the affected ActiveX control.
 
References:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 14 شهریور 1391

امتیاز

امتیاز شما
تعداد امتیازها:0